root account synchronization fails for UNIX solaris target application type

Document ID : KB000113741
Last Modified Date : 19/10/2018
Show Technical Document Details
Issue:
Synchronization of the root account for a unix - solaris endpoint fails, despite the fact that from CA PAM ssh with the credentials stored works fine. The messages complain about a failure with the script processor. Why is this occurring ?
Environment:
CA PAM 3.X
Cause:
There are several factors that may contribute to this. In this article we are highlighting two possible common causes:
  • Slow connection/response from the machine. PAM expects data to be sent to and back from the target machine within a certain amount of time. This is controlled by the Script timeout parameter in the Script Processor section of the Target application definition
 
User-added image

By default this is 5000 milliseconds, so 5 seconds. But in some systems this may take longer
  • Specifying the incorrect account type. As it is known, the credential manager in CA PAM bases its interaction with the target machine depending on whether the account specified is a root account or not. For instance, the root account is able to change its own password, whereby no passwd command needs to be issued to UNIX in order for it to be changed. If we defined a root account as being non-root, the Credential manager would be expect the passwd command (and corresponding responses) to be sent to it, and default of them being received, interpret that the application has failed. This is controlled in the UNIX session of the target account definition
User-added image
 
Resolution:
Make sure that the timeout is sufficient, if you see slow connections to the target device, and also make sure that the right type of account is selected in the UNIX section of the Target Account definition