Implementation Guide › Architectural Considerations › Implementation Considerations › Identify Password Management Options › Password Policy Considerations

Password Policy Considerations

If you plan to implement password policies in your enterprise, consider the following:

• SiteMinder needs read and write access to the user directory, including exclusive use of several attributes within that directory to store passwords and password–related information.
• Password policies can affect SiteMinder performance because of the additional user directory searches required to validate passwords. Password policies that are configured to search only part of a user directory, instead of the entire directory, can also affect performance.
• If your user directory has a native password policy, this policy must be:
  • Less–restrictive then the SiteMinder password policy or
  • Disabled

  Otherwise the native password policy accepts or reject passwords without notifying SiteMinder. Consequently, SiteMinder cannot manage those passwords.

• If you use password policies on multiple Policy Servers, the system times of all the servers must be synchronized to avoid disabling accounts or forcing password changes prematurely.

  Note: For more information, see the SiteMinder Policy Server Configuration Guide.