IBM Security Verify


ISAM - Password Policy Enforcement

  • 1.  ISAM - Password Policy Enforcement

    Posted Tue March 02, 2021 07:04 AM
    Edited by Mukesh Bhati Tue March 02, 2021 09:36 AM
    Hello Team,

    I have configured the password policy on LDAP to store the last 5 passwords in history.

    Effective password policy for XYZ user

    The effective password policy is calculated based on the following entries:
    cn=scbgroup,CN=IBMPOLICIES
    cn=pwdpolicy,cn=ibmpolicies

    The effective password policy is:
    ibm-pwdPolicyStartTime=20210302095312.046897Z
    pwdInHistory=5
    pwdCheckSyntax=0
    pwdGraceLoginLimit=0
    pwdLockoutDuration=0
    pwdMaxFailure=0
    pwdFailureCountInterval=0
    passwordMaxRepeatedChars=0
    passwordMaxConsecutiveRepeatedChars=0
    pwdMaxAge=3888000
    pwdMinAge=0
    pwdExpireWarning=0
    pwdMinLength=8
    passwordMinAlphaChars=1
    passwordMinOtherChars=1
    passwordMinDiffChars=0
    ibm-pwdPolicy=true
    pwdLockout=false
    pwdAllowUserChange=true
    pwdMustChange=false
    pwdSafeModify=false
    ibm-pwdGroupAndIndividualEnabled=true

    From the pdadmin utility, if we try to change the password to the same password, then it throws an error, i.e. policy violation:
    > user modify XYZ password Passw0rd@1
    Could not perform the administration request
    Error: HPDIA0300W Password rejected due to policy violation. (status 0x1321212c)

    But when I try to change the password from infoMap with the changePassword(oldPassword,newPassword) method from the com.ibm.security.access.user.User class, the password policy is not enforced.

    Why is the password policy not enforced if we change the password from infoMap?

    Can anyone help me with the same?

    ------------------------------
    Mukesh
    ------------------------------