Symantec Access Management

  • Private Community

  • 1.  Unable to set Password Policy in CA Directory

    Posted Jan 16, 2018 07:17 AM

    For setting password policy , I have done following changes in  DXHOME/config/knowledge/serverName.dxc

     

    set password-policy = true; set password-min-length = 7; set password-alpha = 3; set password-numeric = 3; set password-history = 2;

    After making these changes password policies are not applied i.e, even if password length is 3 it is working but ideally it should not work.
    Is there something i'm missing in configuration or do i need to update some other files. 



  • 2.  Re: Unable to set Password Policy in CA Directory

    Posted Jan 16, 2018 09:12 AM

    Pradhap Pradhap1125

     

    Could you explain how you are testing the applied password policy. If the user already has a pre-existing password that'll continue to work even after the Password Policy is applied. When you try to change a password, at that moment the new Password Policy would apply.

     

    Having said the above, you are stating "even if password length is 3 it is working but ideally it should not work". If it is Password Rule for length that we'd like to apply then we should be defining the below. Did we restart the DSA after the configurations were applied ?

     

    https://docops.ca.com/ca-directory/12-6/en/administrating/manage-user-accounts-and-passwords/create-a-password-policy/how-to-configure-password-quality-rules#HowtoConfigurePasswordQualityRules-SetPasswordLength

     

    Set Password Length

    To set the length of new passwords, use one or both of these commands:

    set password-max-length = number-chars | 0;  set password-min-length = number-chars;

     

     

    Regards

    Hubert



  • 3.  Re: Unable to set Password Policy in CA Directory

    Posted Jan 16, 2018 09:28 AM

    Dear Hubert,

    After making changes to password policy, for testing i'm adding new entity, for that entity when i am giving password of length 3 it is getting added successfully which ideally should not happen.

     

    Note : I have restarted dsa after setting password policy.

     

    I am using same mentioned command for setting password length.

    set password-max-length = number-chars | 0;

    set password-min-length = number-chars;  

    but it's not reflecting. Please Help 

    Regards, 
    Pradhap



  • 4.  Re: Unable to set Password Policy in CA Directory

    Posted Jan 16, 2018 09:59 AM

    Thank You Pradhap Pradhap1125

     

    Could we add the Password Policy Configurations in the settings configuration file.

    $DXHOME/config/settings/instance.dxc

    Refer to help file.....

    $DXHOME/config/settings/settings.help

     

    Please remove the Password Policy Configuration from DXHOME/config/knowledge/serverName.dxc

     

     

    NOTE

    Check your 'server initialization file' which 'settings configuration file' is being loaded.

     

    Initialization File : $DXHOME/config/server/instance.dxi

    Check "Operational Settings" section. We should see a section as below. Edit that file and add Password Policy configuration.

    # operational settings
    source "../settings/sstore.dxc";

     

    Regards

    Hubert



  • 5.  Re: Unable to set Password Policy in CA Directory
    Best Answer

    Broadcom Employee
    Posted Jan 17, 2018 12:11 PM

    This was reported in support case 00936570 and has been addressed.