PAM -- Default Password Composition Policy (PCP) Rules
Article ID: 214302
Updated On:
Products
Issue/Introduction
If we don't specify the password composition policy and keep it to none. What will be the default password policy that PAM will use? Since the default Password Composition Policy in the PAM admin console is not displayed where can this policy be found or if there is some documentation as to how PAM is rotating the credentials with its composition by setting it to default/none.
Especially why do the generated passwords (Either using Scheduled Job or when a new credential generated using PAM) take into account the MAX password length and not with the MIN and MAX password length?
Environment
Release: 3.3.x, 3.4.x, 4.x and higher releases
Component: PRIVILEGED ACCESS MANAGEMENT
Cause
All credentials created with the password composition policy defined as "--- None---" will follow the default password composition policy.
Resolution
The "default" Password Composition Policy (PCP) is applied to any target applications set to the value of "--- None ---" including the "Generic" target application type.
This includes the values below which is also the starting values when creating a custom PCP.
Note 1: These default values are not customizable so for any values other than these you will need to create a custom Password Composition Policy and assign that to the desired target application.
Note 2: The first value entered in for a credential may bypass the PCP values allowing for a non-standard password to be entered but all subsequent password generated or entered must follow all composition rules.
Attachments
Feedback
