Thanks to CSM Kelly Farr, it looks like it's coming from this Canvas update back in January:
https://community.canvaslms.com/docs/DOC-8731-canvas-production-release-notes-2017-01-07#jive_conten...
"Even though CAS/LDAP authentication is in place, CanvasAuth is still present and still stores passwords (even if they are never used). When Banner attempts to create new accounts for the users affected by this issue, it's attempting to pass Passwords for CanvasAuth into the Canvas database. Since these passwords do not meet the 8-Character length requirement, Canvas then must reject the entire user creation request.
I've reached out to one of our SIS/Banner specialists here at Instructure, and they shared these instructions on their understanding of how you can configure Banner to avoid this going forward.
When selecting from the student table (SGBSTDN) or Instructor/Employee table (SIBINST/PEBEMPL).
If they want to stop sending passwords, they are called pins in Banner, so they need to exclude selecting from the (GOBTPAC_PIN) table.
If they need to update those pins/passwords if they're not long enough.
Authorized administrative users can mass-assign PINs for a group of persons by using
the PIN Creation Process (GURTPAC).
When mass-assigning, they then need to make sure that they are choosing a field that is longer than 8 characters. That may mean concating (combing) multiple values from the Student/Teacher/Staff table to ensure this. So maybe it could be DOB+ID_number.
PIN preferences that set a default PIN are also controlled in the (GUAPPRF) record."
I'm going to send this off to our Banner dba and see if we can configure it.
This discussion post is outdated and has been archived. Please use the Community question forums and official documentation for the most current and accurate information.