Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000032683 - Increase the maximum length of a reserve password hash for the RSA Authentication Agent 7.x for Windows

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support on Jan 8, 2020

Version 6Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000032683
Applies To	RSA Product Set: SecurID RSA Product/Service Type: Authentication Agent for WIndows RSA Agent Version/Condition: 7.x
Issue	By default, the ReservePasswordHashGenerator creates an 80-character hash code, while the default Reserve Password domain policy takes a maximum of 79 characters. This article provides information on modifying the MAXLEN value of the reserve password hash so that it is allows for an additional character. Because of this discrepancy when the ADM\RSA Desktop\Local Authentication Settings\Reserve Password policy is enabled and the hash is set, the data pasted from the ReservePasswordHashGenerator to the Reserve Password text box does not fit, resulting in a non-functional reserve password. In the agent’s ADM templates, strings are allocated and stored in the registry as MAXLEN-1 because one character was needed to account for the trailing null that is needed when a string is written to the registry as a REG_SZ or REG_EXPAND_SZ. Microsoft Technet has an article entitled "Classic ADM file in Windows 2008: MAXLEN error," which says that the string in the text box is limited to this defined length, so the trailing null should be in addition to the value of MAXLEN and not built into it. Editing the attached RSA_Authentication_Agent.adm file will correct the MAXLEN value to accommodate the trailing null.
Resolution	To resolve this issue, follow the steps below: Download the RSA Authentication Agent for Microsoft Windows. Unzip the files in the archive and navigate to the RSA_Authentication_Agent_<version>\Policy Templates\adm folder. Open the RSA_Authentication_Agent.adm file in a text editor. Look for the line below: PART !!LAC_RESERVE_PASSWORD_LABEL EDITTEXT VALUENAME "ReservePassword" MAXLEN 80 Change the value for MAXLEN to 81, as shown: PART !!LAC_RESERVE_PASSWORD_LABEL EDITTEXT VALUENAME "ReservePassword" MAXLEN 81 Save and close the file. Download ReservePasswordHashGenerator zip file attached to this article and save it on a local Windows machine. Unzip the files in the archive and navigate to the appropriate folder based upon the Windows architecture (32- or 64-bit). Double click the installer and run the Windows install wizard. Click on Finish when the installation is complete. Go to Start > All Programs > RSA and click on the RSA Reserve Password Hash Generator, which opens a command prompt as shown: Enter a reserve password that meets the requirements and confirm the same to generate the 80-character reserve password hash. The 80-character reserve password hash generated using the ReservePasswordHashGenerator can now be entered Take the agent machine off the network to test the new reserve password.

Attachments

RSA_Authentication_Agent.adm.zip2.8 KB
ReservePasswordHashGenerator.rar3.1 MB

Outcomes

0 Comments

Recommended Content