PAM -- Default Password Composition Policy (PCP) Rules
search cancel

PAM -- Default Password Composition Policy (PCP) Rules


Article ID: 214302


Updated On:


CA Privileged Access Manager (PAM)


If we don't specify the password composition policy and keep it to none. What will be the default password policy that PAM will use? Since the default Password Composition Policy in the PAM admin console is not displayed where can this policy be found or if there is some documentation as to how PAM is rotating the credentials with its composition by setting it to default/none.

Especially why do the generated passwords (Either using Scheduled Job or when a new credential generated using PAM) take into account the MAX password length and not with the MIN and MAX password length?


Release: 3.3.x, 3.4.x, 4.x and higher releases



All credentials created with the password composition policy defined as "--- None---"  will follow the default password composition policy. 


The "default" Password Composition Policy (PCP) is applied to any target applications set to the value of "--- None ---" including the "Generic" target application type.

This includes the values below which is also the starting values when creating a custom PCP.

Note 1: These default values are not customizable so for any values other than these you will need to create a custom Password Composition Policy and assign that to the desired target application.

Note 2: The first value entered in for a credential may bypass the PCP values allowing for a non-standard password to be entered but all subsequent password generated or entered must follow all composition rules.


1620191205172__PCP.JPG get_app