search cancel

PAM -- Default Password Composition Policy (PCP) Rules

book

Article ID: 214302

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

If we don't specify the password composition policy and keep it to none. What will be the default password policy that PAM will use? Since the default Password Composition Policy in the PAM admin console is not displayed where can this policy be found or if there is some documentation as to how PAM is rotating the credentials with its composition by setting it to default/none.

Especially why do the generated passwords (Either using Scheduled Job or when a new credential generated using PAM) take into account the MAX password length and not with the MIN and MAX password length?

Environment

Release: 3.3.x, 3.4.x, and higher releases

Component: PRIVILEGED ACCESS MANAGEMENT

Cause

All credentials created with the password composition policy defined as "--- None---"  will follow the default password composition policy. 

Resolution

The "default" Password Composition Policy (PCP) is applied to any target applications set to the value of "--- None ---" including the "Generic" target application type.

This includes the values below which is also the starting values when creating a custom PCP.



Note 1: These default values are not customizable so for any values other than these you will need to create a custom Password Composition Policy and assign that to the desired target application.

Note 2: The first value entered in for a credential may bypass the PCP values allowing for a non-standard password to be entered but all subsequent password generated or entered must follow all composition rules.

Attachments

1620191205172__PCP.JPG get_app