It is possible to change the password at login/logout to the target machines using Password View Policies for the auto-login.
Can I do the same thing for the manual login?
CA Privileged Access Manager 3.x
If the user is not using auto-login, PAM won’t know what account has to change the password.
The policy is set by target account. You can define the Password View Policy(PVP) to change the target account after being used.
If the user enter the credentials manually, then this is just a simple “string”.
What you can do is to define a PVP to change the password after the check-in/check out.
And in the PAM policies, define to view the target account password.
Using this option will deny other users to use the account until the current user check it out.
Example of Password View Policy
At Access screen, get the password and login with it.