|
|
|
Values: Yes (default) or No
Description: Controls whether the EncryptedPassword global user attribute is stored and whether %P% rule variables are supported.
By default the Provisioning Server encrypts the global user password and stores it in the provisioning directory as a global user attribute named EncryptedPassword. When you later attempt to create an account for that global user using an account template with the %P% expression for the password rule, then the Provisioning Server decrypts the stored EncryptedPassword value and provides it to the endpoint type option as the initial Password attribute for the account being created.
However, if you will not be creating any accounts using account templates with %P% rule expressions, then you can improve security by not storing these passwords.
Note: By not storing the EncryptedPassword attribute, you are only giving up %P% rule evaluation. You can authenticate users by using the global user password. When the Store User Passwords parameter is set to No, the Provisioning Server stores a one-way hash of the password for use in authenticating user passwords during login.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |