This document describes the character sets supported in password fields by each of the core CA Identity Manager components.
CA Identity Manager's support for passwords is spread across three major components: a) the Web interface, b) Provisioning Components and c) command-line tools and
- The Identity Manager server (Web interface) supports user passwords being provided in ASCII text format, and permits the use of high ASCII/ANSI characters in CR7 (or higher).
- The Provisioning Server's handling of passwords for Global Users is built upon LDAP libraries where UTF-8 (Unicode) is the internal representation. As a result, the Provisioning Server accepts passwords provided they are Unicode compliant. Non-English characters are used in QA testing for both login name and password.
The Provisioning Server however is designed to provision users (and their passwords) to many varying endpoint systems, where the supported password attributes may vary greatly in terms of character sets, minimum and maximum lengths, permissible characters, and many more considerations. Please review the CA Identity Manager connectors guide and your endpoint documentation for specific information.
- The Identity Manager command-line password tool, pwdtools, has the following restrictions:
- You can use any printable ASCII character in a password.
- If using pwdtools then you must observe all rules for command line syntax:
- The characters shown in the screenshot below have special meaning to command line parsing, and can only be used in if enclosed in double quotes (i.e. "password").
- The double quote character can be used, but must be specified twice if it is to be included in the actual password (i.e. "pass" "word" "01").
- If any password polices have been established, those policies may place additional restrictions on what are and aren't valid password characters.