Previous Topic: Advanced Password Services (APS) GuideNext Topic: Advanced Password Services Capabilities

Advanced Password Services (APS) GuideAPS Introduced

APS Introduced

Passwords are the earliest and most common security and user verification mechanism; password cracking is the most common security hazard. The careless use and maintenance of passwords represents the greatest threat to the security of a network.

SiteMinder is designed to protect resources on your network, on the Internet, and on corporate intra- and extranets. SiteMinder authenticates users by interfacing to one or more user directories or Directory Services. SiteMinder can authenticate users stored in Windows NT Domains, LDAP-based directories (such as iPlanet’s Directory Server), and several external relational databases. Interfaces to new Directory Service Providers are always under development, so you should contact your CA sales representative for support for other Directory Providers.

Passwords are stored in each directory, associated with each user. Most Directory Service Providers can enforce limitations on the content of passwords (password content policies) and can control the lifetime of passwords (password lifetime policies) and user accounts (account lifetime policies) to varying degrees. These controls are collectively called password policies.

Policies implemented by Directory Services Providers do not always fulfill a site's security requirements and using more than one directory service can create inconsistencies between directories. This can cause administrative headaches.

CA offers a SiteMinder add-on module to help administrators implement and enforce robust, consistent, flexible, and comprehensive password policies across multiple directories: Advanced Password Services (or APS).

This component can greatly enhance your web site’s security by forcing your users to conform to administrator-defined rules for what a password should consist of and to control when, how, and how often a password must be changed.

SiteMinder Version 4.1 (and later) provides a feature called Password Services. This functionality is based on early versions of APS. It contains some of the basic functions provided by these earlier versions. Advanced Password Services 18 Introduction SiteMinder APS Administrator’s Guide - 5.5 provides considerable additional functionality, plus the ability to extend this functionality for your site.

This section contains the following topics:

Advanced Password Services Capabilities

SiteMinder (Basic) Password Services & Advanced Password Services