In the past, I have always observed that if I install a PIN dictionary in AM 8.x, and my PIN is listed in the dictionary and the dictionary is applied to my token policy, that I would be forced to change my PIN at the next login. The system keeps my PIN until I change it, but won't let me log in until I change it to a compliant PIN.
This morning at a customer site, they were working on a test system running AM 8.7.0.3.0, and the user had a PIN that looked like 12345. They installed the dictionary, and found that they could still log in, without being prompted to change their PIN. The dictionary is definitely working; new users cannot use dictionary PINs, and it will not let you change your PIN to another dictionary PIN.
As I said, I've always seen the system force anyone with a dictionary PIN to change it on the next login. Was it broken then, or is it broken now?
