Bug ID 440599: Added DB Variable to configure 'difok' variable in password policy

Last Modified: Apr 17, 2024

Affected Product(s):
BIG-IP TMOS(all modules)

Known Affected Versions:,,, 14.1.2,,,,,,,,, 14.1.3,, 14.1.4, 15.0.0, 15.0.1,,,,, 15.1.0,,,,,, 15.1.1, 15.1.2,, 15.1.3,, 15.1.4,, 15.1.5,, 15.1.6,, 15.1.7, 15.1.8,,, 15.1.9,, 15.1.10,,,

Fixed In:

Opened: Dec 12, 2013

Severity: 3-Major


The difok variable enforces the number of characters that must differ between a user's old password and new password. Prior to this release, the number of characters that must differ was not configurable, and just stayed at the default value.


The number of characters that were required to differ between an old and new password were set by default and could not be configured.


Attempting to configure a required number of characters a new password must differ from the old.



Fix Information

This release adds a db variable that allows for configuration of the difok variable from TMSH using the command: modify /sys db password.difok value <value>

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips