I need a document that describes how and why the PAM application chooses to the maximum password length of the PCP and not pick the minimum or random number.

For example if the Password Composition Policy is set to minimum length 4  and maximum 16, PAM always creates the password with 16 characters.

Release : all

The minimum and maximum values are set to match the settings in the target machine we will be rotating passwords but when PAM generates a password we always generate to the maximum for a higher level of security and complexity.  The minimum value is evaluated when initially onboarding the account and on any manual synchronization done after the account has been onboarded. The only time that minimum value may be useful is if you want to manually add a specific password to the PAM system otherwise it is irrelevant since we would end up reducing the complexity of a randomly generated password if we generated with the minimum value.