Hi Jeff, I am not aware of a limit. This is a configuration on the RSA side. Typically you enter a string "PIN + Token" in the password field. PAM would not know which part is the PIN and which the token, the RSA server will. In our test environment we use a 5-digit PIN.