Till Kaufmann
May 22, 2018
4:19 pm

Container - setMaximumFailedPasswordsForWipe / setMaximumFailedPasswordsForDeviceDisable

Hi fellow developers,
I'm investigating a bug of one of our customers, and stumbled across the following problem.
I searched in the API reference, but I couldn't find the necessary information there.

Before we create a KNOX container, we create a custom KNOX configuration type.
We clone the "knox-b2b" configuration type for that purpose.

To set the max failed passwords attempts for wipe we call the following function
KnoxConfigurationType.setMaximumFailedPasswordsForWipe(maximumFailedPasswordAttempts);

After the container has been created, I want to change the setting and use the code below.

PasswordPolicy pp = KnoxContainerManager.getPasswordPolicy();
pp.setMaximumFailedPasswordsForDeviceDisable(maximumFailedPasswordAttempts);

But the API isn't clear, I came to the conclusion that the two APIs set values for different thresholds.

My questions are:

1. Does KnoxConfigurationType.setMaximumFailedPasswordsForWipe() trigger a wipe of the whole device, or only the container ?

2. What is the "DeviceDisable" action set by setMaximumFailedPasswordsForDeviceDisable() ? Deletion or lock of the container ? Lock down of the whole device.

3. How can the value set by KnoxConfigurationType.setMaximumFailedPasswordsForWipe() changed after the container has been created ?

4. What's the difference between the action triggered by setMaximumFailedPasswordsForDeviceDisable() and setMaximumFailedPasswordsForWipe() ?

 

Similar topics

No similar topics found.
Kamil K.Samsung SEAP Moderator
May 28, 2018
1:10 pm

You can find answers below.

1. Does KnoxConfigurationType.setMaximumFailedPasswordsForWipe() trigger a wipe of the whole device, or only the container ?
- It will delete container

2. What is the "DeviceDisable" action set by setMaximumFailedPasswordsForDeviceDisable() ? Deletion or lock of the container ? Lock down of the whole device.
- block device when called for user 0/ block container when called for container

3. How can the value set by KnoxConfigurationType.setMaximumFailedPasswordsForWipe() changed after the container has been created ?
- Use setMaximumFailedPasswordsForWipe API from BasePasswordPolicy

4. What's the difference between the action triggered by setMaximumFailedPasswordsForDeviceDisable() and setMaximumFailedPasswordsForWipe() ?
- setMaximumFailedPasswordsForDeviceDisable - block device when called for user 0/ block container when called for container
- setMaximumFailedPasswordsForWipe - wipe device when called for user 0/ delete container when called for container