Passwords are encrypted before they are stored in the directory. This prevents the possibility of interrogating the directory directly for the value of any passwords.
For more information about encryption algorithms, see Password Storage.
Passwords are always single-valued. This means that an administrator cannot add a secret value and use this as an unpublished entry point into the DSA.
Password logins are secure only if each person can change only his or her own password. Ensure that you set access controls so that each user can update only their own password. Also, ensure that administrators are allowed to update any user password.
Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |