PAM-CM-4126: Excluded special characters were specified at the end of the password.

book

Article ID: 207102

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

We are trying to update a password composition policy that has a list of Characters to Exclude defined. We updated the list of special characters accordingly for "Must Contain" and "First Must Contain". We are not using the "Last Must Contain" feature and just blanked out the list of special characters there. But when we try to save this policy like shown below, PAM pops up error "PAM-CM-4126: Excluded special characters were specified at the end of the password."

Cause

When a list of special characters is blank, PAM uses the default list, which includes characters like the pipe character and slash and backslash. This default list conflicts with the "Characters To Exclude" list.

Environment

Release : 3.4

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

Even if you are not using a particular special characters list in the PCP, make sure to enter a list there. Just a single character will do. E.g. just adding an exclamation mark "!" in the Special Last Characters Including field at the bottom right will allow you to save the above PCP. Since the checkboxes are not checked it will NOT imply that PAM will only use an exclamation mark as last special character. You can verify that by clicking on the Test button multiple times and checking the resulting password on top.