Symantec Access Management

  • 1.  CA Directory Password Policy

    Posted Aug 06, 2018 11:15 AM

    Hi,

     

    I have enabled the CA Directory password by copying the default.dxc, modifying it by adding -

    # password policy
    set password-policy = true;
    set password-username-substring = true;
    set password-min-length = 8;

    - renaming it to <dsa-instance-name>.dxc in the DXHOME/config/settings

    - modifying the operational settings in the initialization file <dsa-instance-name>.dxi under the DXHOME/config/servers

     

    But when I change password of a user to 3 chracters in JXweb, it is alllowing me to change. According to the password policy it should not allow because the minimum password length is 8 characters.

     

    Please help!


    Regards-

    Yashpal



  • 2.  Re: CA Directory Password Policy

    Broadcom Employee
    Posted Aug 07, 2018 01:45 PM

    Hi Yashpal,

     

    All steps you mentioned above are correctly done except I don't see a mention of restart of DSA in question. For the config to be effective (specially when it comes to Password Policy settings) a restart is a MUST. From the surface, it seems like the only steps missed out was a restart so the newly created SETTINGS .dxc file is not being read in by the DSA.

     

    If I am correct, try restarting and testing again. If it still fails, I would recommend to open a support case to troubleshoot this further.

     

    Thanks,

    Hitesh



  • 3.  Re: CA Directory Password Policy

    Posted Aug 07, 2018 01:52 PM

    Hi Hitesh,

     

    Forgot to mention but I have restarted the DSA. Is there any way we can make it work?

     

    Thank you,

    Yashpal



  • 4.  Re: CA Directory Password Policy

    Broadcom Employee
    Posted Aug 07, 2018 01:57 PM

    Hi Yashpal,

     

    Thanks for the confirmation. I have never seen this fail so there has to something simple that is being overlooked. I am sure a support case will help for a quick resolution once I/we see exactly what is going on. If you don't mind, I would recommend a support case.

     

    Thanks,

    Hitesh



  • 5.  Re: CA Directory Password Policy
    Best Answer

    Broadcom Employee
    Posted Aug 07, 2018 03:35 PM

    Hi Yashpal,

     

    Is it possible that you are not logged in as that user itself and changing his/her password? i.e changing the password as an admin user or some other user? If yes, that might explain this behavior. In that case, you may want to follow what is mentioned below and see if that helps.

     

    set password-enforce-quality-on-reset Command - CA Directory - 14.0 - CA Technologies Documentation 

     

    Thanks,

    Hitesh



  • 6.  Re: CA Directory Password Policy

    Posted Aug 07, 2018 03:55 PM

    Thank you Hitesh, it worked.

     

    Regards-

    Yashpal