Symantec Encryption Management Server 3.4.2 and above include additional password complexity/requirements. This article will go over the details on how this functionality works.
Releases of Encryption Management Server prior to 3.4.2 allow password complexity to be enabled using the steps in article 171746 but passwords do not expire.
Encryption Management Server 3.4.2 and above include additional password management features including password expiry. By default, administrator passwords expire every 60 days.
See the Symantec Encryption Management Server Administrator's Guide for full details but a summary of the new features are:
To modify the above settings, connect to Encryption Management Server using ssh and edit the
/etc/ovid/prefs.xml file. For instructions on connecting using ssh, please see article 153592. Alternatively, please contact Symantec Technical Support for assistance. The default settings are:
Once you make any of the above changes, restart pgpsysconf:
pgpsysconf --restart pgpuniversal
Changes to the
/etc/ovid/prefs.xml file usually replicate automatically to other cluster members but if you wish to force replication, run the following command:
pgprepctl file /etc/ovid/prefs.xml
Important Note: Make a backup of the /etc/ovid/prefs.xml file before making any changes and if there are any doubts in configuring the above, please contact Symantec Encryption Support for assistance.