Hi Chris,
If you run a scheduled job in newer versions of PAM, the scheduled jobs will fail on the verification step(mostly). This is dependent on how many accounts you have, so if you have a lot of accounts it will fail to verify the passwords after they have been changed and in some cases the password update would not be reflected in PAM itself.
This appears to be related to the multi-threading implemented in said newer versions for password rotation using scheduled jobs. The scheduled jobs might work if you have very few accounts but the results could be unpredictable then as well. This is where the patch comes in, it disables the multi-threading.
It's best to open a case with Support if you have these issues so they can guide you through patch installation process and issue resolution.
Best regards,
------------------------------
Nikola Milosavljevic
Security Consultant
------------------------------
Original Message:
Sent: 07-25-2020 10:21 PM
From: Chris Scott
Subject: PAM_DISABLE_MULTI_THREAD patch
Team,
I could not find any clear guidance on the PAM_DISABLE_MULTI_THREAD patch.
Under what circumstances should the "PAM_DISABLE_MULTI_THREAD patch" be applied.
Thanks
Chris