search cancel

Updating PWD_CONTAINS_* and PWD_LENGTH_* explanation of behavior for current users

book

Article ID: 254326

calendar_today

Updated On:

Products

CA Automic Workload Automation - Automation Engine CA Automic One Automation

Issue/Introduction

What happens to current users when PWD_CONTAINS_* or PWD_LENGTH_* are updated in UC_CLIENT_SETTINGS and that USER'S password doesn't match the updated requirements?

I.e. if PWD_CONTAINS_NUMBER is set to Y, what would happen to any existing accounts that did not have a number? 


Environment

Release : All

Resolution

If the PWD_CONTAINS_* or PWD_LENGTH_* variables are updated while a user's current password does not meet those requirements, their password will not require those until the next update of their password.   That update can be through a forced password change (an Admin can do this by checking the "User must change password at next login" checkbox on the user object) on the user object or through their password expiring.

For the following situation:

A user has an alpha only password before PWD_CONTAINS_NUMBER is set to Y
Admin sets PWD_CONTAINS_NUMBER to Y

The following will happen:
The user can still login with their current alpha only password
The user will not automatically be prompted to update their password
If someone like an admin changes the user's password on their user object, they will need to have a number in the new password
If someone sets the user's "User must change password at next login", when they're prompted to change their password on next login, they'll need to have a number in their new password
If the user's password expires and they're prompted to change their password, they'll need to have a number in their new password