Symantec Privileged Access Management

 View Only
  • 1.  PAM_DISABLE_MULTI_THREAD patch

    Posted Jul 25, 2020 10:22 PM
    Team,

    I could not find any clear guidance on the PAM_DISABLE_MULTI_THREAD patch.

    Under what circumstances should the "PAM_DISABLE_MULTI_THREAD patch" be applied.

    Thanks

    Chris


  • 2.  RE: PAM_DISABLE_MULTI_THREAD patch

    Posted Jul 29, 2020 06:06 AM
    Hi Chris, 

    If you run a scheduled job in newer versions of PAM, the scheduled jobs will fail on the verification step(mostly). This is dependent on how many accounts you have, so if you have a lot of accounts it will fail to verify the passwords after they have been changed and in some cases the password update would not be reflected in PAM itself.

    This appears to be related to the multi-threading implemented in said newer versions for password rotation using scheduled jobs. The scheduled jobs might work if you have very few accounts but the results could be unpredictable then as well. This is where the patch comes in, it disables the multi-threading.

    It's best to open a case with Support if you have these issues so they can guide you through patch installation process and issue resolution.

    Best regards,

    ------------------------------
    Nikola Milosavljevic
    Security Consultant
    ------------------------------