Complexity check for Password Reset
Specifies whether Access Policy
Manager (APM) performs a password policy check.
APM supports these Active Directory password policies:
Maximum password age
Minimum password age
Password must meet
APM must retrieve all related password policies from the domain to make the appropriate
checks on the new password.
Because this option might require administrative privileges, the
administrator name and password might be required on the AAA Active Directory server
Enabling this option increases overall authentication traffic
significantly because APM must retrieve password policies using LDAP protocol and must
retrieve user information during the authentication process to properly check the new
Show Extended Error
When enabled, causes comprehensive error messages generated by the
authentication server to display on the user's logon page. This setting is intended only for
use in testing, in a production or debugging environment. If enabled in a live environment,
your system might be vulnerable to malicious attacks. (When disabled, displays
non-comprehensive error messages generated by the authentication server on the user's logon
Max Password Reset Attempts Allowed
Specifies the number of times that APM allows the user to try to
Prompt user to change password before expiration
Specifies whether to warn the user at a set time before the
password expires and provide the option to change the password.
Required Attributes (optional)
By default, the server loads all user attributes if no required
attributes are specified. However, system performance can improve if fewer attributes are
returned. Click the
Add New Entry
button to add a new attribute to
the Active Directory query action.