Password Verification Event
Password verification event type messages indicate that a user failed to change his account's password.
capamsc141
Password verification event type messages indicate that a user failed to change his account's password.
Audit records in this event have the following format:
DateTime Status EventUserName DetailsReason AuditFlags
- DateIdentifies the date the event occurred.Format:DD MMM YYYYPrivileged Access ManagerEndpoint Management formats the date display according to your computer's settings.
- TimeIdentifies the time the event occurred.Format:HH:MM:SSPrivileged Access ManagerEndpoint Management formats the time display according to your computer's settings.
- StatusIndicates the return code for the event.Value:F (Failed)Failed to change the account password.
- Event TypeIdentifies the type of event this record belongs to.Privileged Access ManagerEndpoint Management refers to this field simply asEvent.
- User NameIdentifies the name of the user to which the password attempt was applied.
- DetailsIndicates why the password change attempt failed.The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the password quality code. In a detailed output or inPrivileged Access ManagerEndpoint Management, the audit record displays the message associated with the password quality code. For a complete list of password quality codes, run seaudit -t.
- ReasonIndicates the reason thatPrivileged Access Managerwrote an audit record.This field does not display in a detailed seaudit output or inPrivileged Access ManagerEndpoint Management. The audit record you see in a non-detailed seaudit output displays a number in this field. This number is known as the reason code. For a complete list of reason codes, run seaudit -t.
- Audit FlagsIndicates whether the accessor is internal (Privileged Access Managerdatabase user) or an enterprise user.If the accessor is an enterprise user, the audit record you see in a non-detailed seaudit output displays the string "(OS user)" in this field. Otherwise, this field remains empty.
Example: Password Verification Event Message
The following audit record was taken from a detailed seaudit output.
02 Dec 2008 10:23:47 F PASSWORD test1 1 10 Event type: Password verification Status: Failed User name: test1 Details: Password too short Audit flags: AC database user
This audit record indicates that on December 2nd 2008, the user attempting to change his account password was denied because the password did not meet the minimum required number of characters, as defined by the password policy (authorization stage code 1Password too short).
Privileged Access Manager
logged this event message according to an explicit request (reason code 10An explicit request to log the operation was received).