Previous Topic: Encrypt Passwords Stored in the Directory

Next Topic: Operational Attributes for User Accounts

Use a Password Proxy User

Some applications implement password policy by binding as a single user. All password comparisons and modifications are then performed by that user on behalf of all users. This can be used because SSL is expensive to establish, which means that allowing each user to create an SSL connection may be impractical.

This means that if someone binds as a different user for account administration reasons, password checks and changes to password policy are ignored.

To apply password policies to a proxy user

  1. Create an account in the directory for the password proxy user.
  2. Use the following command to identify this account as the password proxy user:
    set password-proxy-user = DN;
    

    When an application binds as this password proxy user, the password policy is applied to password compares and modifications.

More information:

set password-proxy-user Command


Copyright © 2009 CA. All rights reserved. Email CA about this topic