When my employer shifted to 16+ character passwords while we were using v8.5, we found that on initial install the BL agent on Windows would create a strong 16 character password. However, when we attempted to use "chapw -r" to reset the passwords, it failed to meet password complexity requirements because it wouldn't set a password greater than 15 characters.
As of v8.9.01.68, the man page now says that the "-r" option will create a 16 character password, but my employer is asking for 24 character or longer passwords, especially on DMZ servers (if not everywhere).
We'd like to see a numeric option added to "-r" to be able to specify the password length for the randomized password. For example, perhaps "chapw -r24"?
My team could then run a job that executes "chapw" on every server at the desired interval and state to management that no one knows the password and it is different on every server in the enterprise, and perhaps most importantly that it has been updated at the required interval.