search cancel

Maximum value that can be specified for the maximum number of password characters (max_len)

book

Article ID: 200353

calendar_today

Updated On:

Products

CA Virtual Privilege Manager CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

We have received questions from our customers regarding password management for PIM.

Example:


Setoptions password (min_life (0) history (0) interval (40)
Rules (min_len (4) sub_str_len (0) max_len (8) alpha (0) alphanum (0)
Numeric (0) uppercase (0) lowercase (0) special (0) max_rep (0) grace (6)
Namechk oldpwchk bidirectional- use_dbdict))

In PIM, the minimum number of characters (min_len) and the maximum number of characters (max_len) of the password can be specified as in the above example.
Please check the maximum value that can be specified for "max_len" in the PIM password rule.

Cause

This is a query regarding the max_len value that is part of the password policy.

Environment

Product & Version: PIM r12.8 / PAMSC r14.0, r14.1

Component: CA ControlMinder

Resolution

- The max_len() value always has to be larger than the value that is passed in min_len()

- We don't have a limit on the highest value that can be passed to max_len(), it's data type is 'int', and the maximum value it can take is the value for 'int' supported on the particular OS.

- You need to make sure that the max_len() value passed is in sync with the highest value that the native OS supports for maximum password length, else the password stored at the OS will be shorter than the password stored in PIM.