

Store User Passwords

Values: Yes (default) or No

Description: Controls whether the EncryptedPassword global user attribute is stored and whether %P% rule variables are supported.

By default, the Provisioning Server encrypts the global user password and stores it in the provisioning directory as a global user attribute named EncryptedPassword. When you later create an account for that global user using an account template with the %P% expression for the password rule, the Provisioning Server decrypts the stored EncryptedPassword value and provides it to the endpoint as the initial Password attribute for the account being created.

However, if you will not be creating any accounts using account templates with %P% rule expressions, you can improve security by not storing these passwords.

Note: By not storing the EncryptedPassword attribute, you are only giving up %P% rule evaluation. You can still authenticate users by using the global user password. When the Store User Passwords parameter is set to No, the Provisioning Server stores a one-way hash of the password and uses it to authenticate user passwords during login.