Description: When set to Yes, CA IdentityMinder validates changes to global user passwords or synchronized account passwords against CA IdentityMinder password policies. Synchronized account passwords are the passwords for user accounts on endpoints for which the Disable Password Propagation property is disabled. Set the parameter Enforce Synchronized Account Passwords to Yes whenever Use External Password Policies is set to Yes. When this parameter is set to Yes, the Provisioning Server password rules that are applicable to users changing their own passwords (Password history checks and Minimum interval between self-changes) are no longer consulted.
Values: Yes (default) or No
Note: Even when integration with CA IdentityMinder password policies is enabled with this configuration parameter, the Provisioning Server uses its per-domain password profiles in various situations. In particular, Administrative password changes, initial global user passwords, changes to unsynchronized account passwords and generating temporary initial passwords all consult the Provisioning Server password profile. In addition, the Locking and Password Expiration features defined in the Provisioning Server password profile are always used. However, the Provisioning Server password profile rules that are applicable to users changing their own passwords (Password history checks and Minimum interval between self-changes) are not consulted when this configuration parameter is Yes.
|
Copyright © 2013 CA.
All rights reserved.
|
|