Currently using PAM Xsuite 2.8.3 and I just ran the Report Name: Account Passwords Update Attempts. The report generated into a csv file. Can anyone explain the following two columns Chan & Gen'd in detail?
Chan Column: What are the codes TRUE, 15212, 15220, 5995,1600,etc?
Gen'd Column: What is the difference between the TRUE and FALSE output?
"Chan" means "Changed".
This has been updated in the PAM 3.1.1 version (I have not checked 3.0.x).
It will appear as "Changed".
If the password Change attempt was successful then you will see "TRUE" in the value.
If it failed, then you will see the error codes listed below.
Credential Manager Error Codes and Messages - CA Privileged Access Manager - 2.8.3 - CA Technologies Documentation
I do not have any info on what the "Gen'd" would mean (although one can assume it could be "Generated").
I will let other people to chime in on that part.
FYI, checked on PAM 3.1.1 and it still shows as "Gen'd".
I have notified the documents team to make improvements in these area.
Thank you Kim for this feedback, this helps out a lot. Do you know if there's a report out there that will display any accounts that are locked due to failed password change?
Can you create a new question so that we can manage the questions and answers in a more searchable way?
Correct, "Gen'd" means whether PAM generated a random password for that password change, or whether the password was manually input.
TRUE = password generated randomly by PAM.
FALSE = PAM admin manually entered password, or scheduled job configured to use a user inputted password, or scheduled job configured to use the same password for multiple accounts (i.e. only first account has randomly generated password, all other accounts re-use the same password).