Subscribe

Setting a password with Set-NaUserPassword not possible when the password is longer than 16 characters.

Hello everybody,

when I try to set a user password with the CMDlet Set-NaUserPassword, it is not possible to set a password that is longer than 16 characters. Using a password with 16 characters or less works fine. In contrast, setting a password with Set-NaUserPassword that has 17 or more characters produces no error, but a logon with that password is not possible. When I try to change that 17 characters long Password with the CLI Set-NaUserPassword -User test -OldPassword 17characters_long_password -NewPassword new_password, the command fails with the error message "Set-NaUserPassword : Password authorization failed. Error: User not authenticated".

Does anyone has an explanation of this behavior?

Thanks in advance

Hans-Juergen

Re: Setting a password with Set-NaUserPassword not possible when the password is longer than 16 characters.

Hi Hans-Juergen

There are limits to the length of local auth passwords. I have had inconsistent results authenticating via API using AD accounts with very long passwords. Local users have a maximum in the region you are using however (14-16). I don't have the references for you right now but check the man pages for options security min password length etc. The value basis depending on logon method; SSH, API etc.