E-mail threshold on failed password rotation with PAM
0 vote
When PAM is unable to rotate a password it's retrying this every minute after the failed attempt. Because of this we get alot of alerts (tonight I got 180 emails about this on one account).
I don't think this is how it should work. Is it possible to extend the retry or configure a threshold about the amount of mail Devolutions should send?
All Comments (10)
Hello,
Thank you for your request. I'm sorry to hear that. We will try to reproduce your issue and work on it to avoid emails. I agree with you, receiving 180 emails doesn't make sense. How long would you like to have between every retry ? It would reduce the email quantity, but I also think that we should avoid to resend a similar email in a short period.
We will post back here once we have an update.
Best regards,
François Dubois
I think it should be a configurable option in PAM for the retry option because this can be different for every organization.
Hello,
You're right, it could be different for every organization. Thank you for your reply.
Best regards,
François Dubois
Hi François,
Can you give a statusupdate?
I have some additional information. This behavior happens when an account is allready checked out by a user and because of this Devolutions can't rotate the password. I think there should be a check if the account is checked out. If this is the case there should be no password rotation until the next configured time period. If you rotate a password during the checked out period the account will be locked out because of active sessions with the old password.
It would be nice this will have some priority. This happens to us several times a week en at that moment my mailbox is filled with a large amount of messages.
Hello,
Thank you for the additional information. What causes the password rotation if the account is already checked out? Is it a scheduled rotation? Because I think you are right, the system should check if the account is checked out first before trying to reset it. I increased the priority to work on that as soon as possible. Thank you for your patience.
Best regards,
François Dubois
Yes, it's a scheduled password rotation within the PAM module.
Hello,
Thank you for your answer. We are investigating this. We will post back here once we have an update.
Best regards,
François Dubois
Hello,
We released version 2025.1.9.0 containing a fix for your issue. Please give it a try and let us know if it works for you.
Best regards,
François Dubois
Hi,
I can confirm version 2025.1.9.0. has fixed the issue :). Good do see it was possible to add this fix so soon!
Hello,
I'm glad to know that it works for you. Don't hesitate to post again if we can help.
Best regards,
François Dubois