Error checking guards against a password being set before the Hitachi ID Privileged Access Manager server has stored the new value: a PC or server can never receive a new password for a privileged account while Privileged Access Manager is unable to store that password.
Consider a laptop on which the local Privileged Access Manager service determines that the time has come to change passwords:
If it simply changed the password and then tried to contact the central server to upload the new value, the connection to Privileged Access Manager might fail. The service would then have to either undo the password change, or hold the new password locally and keep testing for connectivity, in the hope of uploading it before anyone needs to use it.
To avoid this problem, Privileged Access Manager's "local service mode" of operation (used on laptops) works as follows:
- First, the laptop service connects to Privileged Access Manager and asks it to generate a new, random password for a privileged account.
- The laptop service then changes the password in the local security database and sends a confirmation message to Privileged Access Manager.
- Privileged Access Manager updates the password in its vault and replicates the update to all other Privileged Access Manager servers.
If the Privileged Access Manager server does not receive the confirmation message (for example because the PC was suddenly turned off or disconnected), it retains both the old and the new password: the new password is assumed to be current and the old one is archived.
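The following is an added illustration of the three-step exchange above and of its failure mode; it is not Hitachi ID's code. `Vault` stands in for the central Privileged Access Manager server and a plain dict stands in for the laptop's local security database; the account name and seed password are constructed sample values.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


class Vault:
    """Stand-in for the central vault (constructed for this example, not the product's code)."""

    def __init__(self):
        self.current = {}   # account -> password believed to be current
        self.archived = {}  # account -> older passwords, newest first
        self.pending = {}   # account -> new password issued but not yet confirmed

    def request_password(self, account):
        # Step 1: the new value is generated and recorded here BEFORE any
        # endpoint changes anything, so the vault can never lack it.
        new = "".join(secrets.choice(ALPHABET) for _ in range(24))
        self.pending[account] = new
        return new

    def confirm(self, account):
        # Step 3: confirmation received -> promote pending to current, archive old.
        self._promote(account)

    def reconcile_unconfirmed(self):
        # Failure mode: no confirmation (laptop powered off / disconnected).
        # Both values are kept: the new one is assumed current, the old archived.
        for account in list(self.pending):
            self._promote(account)

    def _promote(self, account):
        new = self.pending.pop(account)
        old = self.current.get(account)
        if old is not None:
            self.archived.setdefault(account, []).insert(0, old)
        self.current[account] = new

    def candidates(self, account):
        # Every value an operator could try for a disconnected machine, newest first.
        pending = [self.pending[account]] if account in self.pending else []
        return pending + [self.current[account]] + self.archived.get(account, [])


def rotate(vault, local_db, account, confirmation_delivered=True):
    """Laptop side (step 2): request, change locally, then confirm."""
    new = vault.request_password(account)
    local_db[account] = new              # change the local security database
    if confirmation_delivered:           # message may be lost if the PC dies here
        vault.confirm(account)
    return new
```

Whichever way the exchange ends, the password now on the laptop is always among `vault.candidates(account)`, which is the property the page's error checking exists to guarantee.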
As a fail-safe, all old passwords are retained in the vault. This is not only to support a fail-safe password change process, but also to be able to retrieve old password values in the event that a managed system is restored from archive media in the