Previous Topic: How a Password Consumer Gets a Password on Demand

Next Topic: Implementation Considerations for Password Consumers

Enterprise Administration GuidePlanning Your PUPM ImplementationPassword ConsumersHow PUPM Notifies a Password Consumer of a Password Change

How PUPM Notifies a Password Consumer of a Password Change

PUPM forces a password change for a password consumer when a password change event occurs in CA Access Control Enterprise Management, for example, when a password policy specifies that a password must change after a fixed length of time. CA Access Control Enterprise Management uses the JCS to communicate with password consumers that get passwords on password change.

Only Windows Scheduled Task and Windows Service password consumers get passwords on password change.

Note: You do not need to install CA Access Control on the PUPM endpoint to use password consumers that get passwords on password change.

The following process explains how PUPM notifies password consumers of a password change:

  1. A password change event generates a new password.
  2. CA Access Control Enterprise Management searches the central database for password consumers that use the password.
  3. The JCS logs in to each affected endpoint using the administrator credentials that you supplied when you created the endpoint.
  4. The JCS tries to change the password of the password consumer on the endpoint. One of the following happens:
  5. CA Access Control Enterprise Management writes an audit record for the password change.

    Note: You use View Submitted Tasks to view PUPM audit records. If the JCS cannot change the password of a password consumer, you can use Synchronize Password Consumers to retry the password change.

More information:

Synchronize Password Consumers