Bug ID 440599: Added DB Variable to configure 'difok' variable in password policy

Last Modified: Jan 06, 2023

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
14.1.0,,,,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,

Fixed In:

Opened: Dec 12, 2013
Severity: 3-Major


The difok variable enforces the number of characters that must differ between a user's old password and new password. Prior to this release, the number of characters that must differ was not configurable, and just stayed at the default value.


The number of characters that were required to differ between an old and new password were set by default and could not be configured.


Attempting to configure a required number of characters a new password must differ from the old.



Fix Information

This release adds a db variable that allows for configuration of the difok variable from TMSH using the command: modify /sys db password.difok value <value>

Behavior Change