

APS Configuration File

This section contains the following topics:

APS Configuration File Introduced

Format

Define Macros

Setting Overrides

File Sections

Settings That Can Appear Anywhere

General Settings

Password Content Settings

Password Reuse

Change Required

Restricting Words from the User's Profile

Run-time Password Checking

Event Redirection

Generational & Other Automatic Redirection

Sending Mail

Mail Settings

Custom Logging

Custom Extensions

Invalid Password Dictionary

Password Complexity

Field Mappings

ODBC Queries for APS

APSExpire

General FPS Settings

FPS LDAP Settings

FPS Identify Process

FPS Change Password Process

FPS Confirm Process

FPS Errors

Handling FPS Mail Errors

APS Configuration File Introduced

APS is configured using a standard text editor. Configuration settings are stored in a file called APS.cfg. Under Windows, this file must be located in the same directory as the SmAPS library. Under Solaris, this file is pointed to by the APS_SETTINGS environment variable. This environment variable points to the file itself, not just the directory containing the file.

Under Solaris, if the APS_SETTINGS environment variable is not set, APS will look for the file at $SMHOME/siteminder/bin/APS.cfg.

The configuration file controls all APS behavior and the required composition of passwords during the password change function.

If the file does not exist, an error is logged and default settings will be used. If any parsing errors occur, errors will be written to a file with the same name as the APS.cfg file, with the date and .LOG appended to the file name. This file will be placed in the same location as the APS.cfg file. If the process does not have the rights to create this file, no file will be created.
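The lookup and logging rules above can be verified before a rollout. The following pre-flight check for Solaris is an added example, not vendor code: the function names and return codes are constructed for illustration, and it assumes it is run under the same account as the process that loads APS.

```shell
#!/bin/sh
# Added example (not part of the product): check the APS.cfg lookup rules
# described above so that APS does not silently fall back to default settings.

# Print the path APS would read: APS_SETTINGS if set, otherwise the
# documented default under $SMHOME.
aps_cfg_path() {
    if [ -n "${APS_SETTINGS:-}" ]; then
        printf '%s\n' "$APS_SETTINGS"
    else
        printf '%s\n' "${SMHOME:-}/siteminder/bin/APS.cfg"
    fi
}

# Return codes (constructed for this example):
#   0 = file found and parse-error log location writable
#   1 = APS_SETTINGS names a directory instead of the file itself
#   2 = file missing or unreadable (APS would use default settings)
#   3 = directory not writable (no parse-error log could be created)
aps_cfg_check() {
    cfg=$(aps_cfg_path)
    if [ -n "${APS_SETTINGS:-}" ] && [ -d "$cfg" ]; then
        echo "ERROR: APS_SETTINGS must name the file, not a directory: $cfg" >&2
        return 1
    fi
    if [ ! -f "$cfg" ] || [ ! -r "$cfg" ]; then
        echo "ERROR: $cfg missing or unreadable; defaults would be used" >&2
        return 2
    fi
    # The parse-error log is written next to APS.cfg, so that directory
    # must be writable by this account or errors are never recorded.
    dir=$(dirname "$cfg")
    if [ ! -w "$dir" ]; then
        echo "WARN: $dir not writable; parse errors could not be logged" >&2
        return 3
    fi
    echo "OK: $cfg"
    return 0
}
```

Source the script and call `aps_cfg_check`; a non-zero return code identifies which of the documented conditions failed.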

The APSTestSettings utility will display the settings from this file that apply to a specific user (or, if no argument is supplied to APSTestSettings, the general configuration settings). If the file is changed, APSTestSettings can be used to test the new file, since the file will be parsed and any errors encountered will be logged.

Note: The decision to use a flat file for configuration was a deliberate one. In the years of working in these environments, we have discovered that password policies are essentially static: they very rarely change, and when they do, they are changed in a development environment, fully verified, and then rolled out into production. By using flat files, this rollout and all of the associated change control become trivial to implement.