Data flows between PAM and the Identity Vault by using the Subscriber channel. The only data that flows by using the Publisher channel is modification of password events for any supported database, or application as part of the Password Check-in feature in PAM where the Password Check-in is delegated to Identity Manager.
The Publisher channel performs the following:
Reads events from PAM for the applications or database that are hosted on the server that the driver shim is connecting to.
Watches for a checked-in password.
Submits the modified password event information to the Identity Vault.
The Subscriber channel performs the following:
Watches for additions and modifications to the Identity Vault objects.
Makes changes to PAM that reflect those changes.
You can configure the driver so that Identity Vault is allowed to update a specific attribute on PAM. In this configuration, the most recent change determines the attribute value, except for merge operations that are controlled by the filters and merge authority.