The Password Synchronization Agent is initially configured during installation and can be reconfigured at any time using the Password Synchronization configuration wizard. Further configuration is possible. For example, you can change settings for password quality checking or modifying timeouts, using the eta_pwdsync.conf file.
This file is located in the password_sync_folder\data\ folder. All keys in this configuration file are set during the installation of the Password Synchronization Agent. Therefore, change these keys only if necessary. See the text in this file for more information.
Important! As a precaution, create a backup of the configuration file before editing it.
[Server] Section
|
Key |
Description |
Default |
|---|---|---|
|
host |
Specifies the domain server that manages password propagation. |
None |
|
port |
Specifies the LDAP listening port of the Provisioning Server. |
20411 |
|
use_tls |
Specifies whether TLS/SSL is used to secure communication between the Password Synchronization Agent and the Provisioning Server. |
Yes |
|
admin_suffix |
Specifies the domain suffix of the administrative user that the Password Synchronization Agent uses to log in to CA IdentityMinder. |
None |
|
admin |
Specifies the account name of the administrative user that the Password Synchronization Agent uses to log in to CA IdentityMinder. |
None |
|
password |
Specifies the password for the account name specified in the admin key. |
None |
[eTaDomain] Section
|
Key |
Description |
Default |
|---|---|---|
|
Domain |
Specifies the Provisioning domain where you installed the Password Synchronization Agent. |
None |
|
etrust_suffix |
Specifies the suffix for the entire CA IdentityMinder product. |
None |
|
domain_suffix |
Specifies the domain suffix for the Provisioning domain. |
None |
|
endpoint type |
Specifies the endpoint type where you installed the Password Synchronization Agent. |
None |
|
endpoint |
Specifies the endpoint for which the Password Synchronization Agent intercepts passwords. |
None |
|
endpoint_dn |
Specifies the Distinguished Name of the endpoint. |
None |
|
container_dn |
Specifies the Distinguished Name of the container that contains the accounts whose passwords are being changed. |
None |
|
acct_attribute_name |
Specifies the attribute name of the account, for example, eTN16AccountName for Windows NT. |
Depends on the endpoint type |
|
acct_object_class |
Specifies the objectClass of the accounts. |
Depends on the endpoint type |
[PasswordProfile] Section
|
Key |
Description |
Default |
|---|---|---|
|
profile_enabled |
Specifies whether the password profile checking feature is enabled. |
No |
|
profile_dn |
Specifies whether the Password Configuration Wizard generates a DN for the password profile. |
eTPasswordProfileName=Password Profile,eTPasswordProfileContainerName=Password Profile,eTNamespaceName=CommonObjects,dc=cai,dc=eta |
[Timeout] Section
|
Key |
Description |
Default |
|---|---|---|
|
search_acct_dn |
Specifies the timeout value when searching for the account DN. |
120 seconds |
|
pwd_update |
Specifies the timeout value when propagating passwords. |
400 seconds |
|
pwd_quality_check |
Specifies the timeout value (in seconds) when performing password quality checking. |
1 |
[Logs] Section
|
Key |
Description |
Default |
|---|---|---|
|
log_file |
Specifies the log file that contains logged messages from the Password Synchronization Agent. |
..\Program files\CA\Identity Manager Password Sync Agent |
|
log_level |
Specifies the level of logging. Valid values are: 1--Init file 2--Password update success or failure 3--Connection debugging 4--Tracing |
0, for no logging |
|
Copyright © 2013 CA.
All rights reserved.
|
|