Symantec Privileged Access Management

 View Only
  • 1.  Settings on credential manager

    Broadcom Employee
    Posted Jun 16, 2020 10:52 AM
    Would someone have a document listing the minimum and maximum setting range for credential manager on PAM. I need things like max password length and range of password expiry.

    Documentation mentions only the features not their ranges.

    Thanks


  • 2.  RE: Settings on credential manager

    Broadcom Employee
    Posted Jun 17, 2020 09:56 AM
    Is this what your looking for? 

    https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/implementing/protect-privileged-account-credentials/set-up-password-composition-and-view-policies/construct-password-composition-policies.html

    Or are you looking for what range of values PAM allows for min/max password length?  For that you might need to do some testing.  Considering that the password field can also be used for encryption keys, I suspect the upper range is in the thousands of characters but I have never tried anything nearly so large.


  • 3.  RE: Settings on credential manager

    Broadcom Employee
    Posted Jun 17, 2020 10:23 AM
    Thanks for the information, but already have that. Apart from notes on the limits imposed by external applications, I need to know what is the min and max of all password information that PAM supports.

    e.g. What is the maximum length password that PAM supports and the max amount of days until password change.


  • 4.  RE: Settings on credential manager
    Best Answer

    Broadcom Employee
    Posted Jun 17, 2020 11:26 AM
    A quick test shows that the maximum length field in the password composition policy is limited to a max of 255.
    Minimum length is 1

    Considering that every target application will have a composition policy assigned, and that it validates any password entered against said policy, it is pretty safe to say that the maximum is 255 characters.

    The "Maximum Password Age Days: field let me enter 15 nines (999,999,999,999,999)... on the 16th it changed the number to 10,000,000,000,000,000, but it would still let me add zeros after that, even converting the number entered to scientific notation.   I estimate the upper limit is somewhere in the neighborhood of the end of the universe.