Topic
  • 2 replies
  • Latest Post - ‏2012-12-06T01:26:31Z by SystemAdmin
SystemAdmin
SystemAdmin
9855 Posts

Pinned topic Enforcing Password Complexity Rules with DPRA

‏2012-12-06T00:28:31Z |
Hi All,

I'd like to know if the DPRA has the capability to enforce the password complexity/reuse rules configured in ITIM on the spot.

Does the DPRA check the new password string against the password complexity and reuse policies in ITIM or does it simply send the new password string requested by the user to ITIM, which will then apply the policies in the background, essentially hidden from the user?

For example, if the minimum length of a user password is configured to be 8 characters in ITIM and the user uses the DPRA to try to set a password that is only 6 characters long, will the DPRA display an error message, disallowing the new password or will the new non-compliant 6 character be accepted by the DPRA, sent to ITIM and failed by ITIM, with no failure notification displayed to the user?

Please advise.

Thanks in advance.

More later...

Z.
Updated on 2012-12-06T01:26:31Z at 2012-12-06T01:26:31Z by SystemAdmin
  • Dr.Strangelove
    Dr.Strangelove
    140 Posts

    Re: Enforcing Password Complexity Rules with DPRA

    ‏2012-12-06T00:42:32Z  
    DPRA simply sends the new password string requested by the user to ITIM.
  • SystemAdmin
    SystemAdmin
    9855 Posts

    Re: Enforcing Password Complexity Rules with DPRA

    ‏2012-12-06T01:26:31Z  
    DPRA simply sends the new password string requested by the user to ITIM.
    So what happens if the password string requested by the user does not comply with the password policies configured in ITIM?

    How is the user notified, if at all?

    Thanks in advance.

    More later...

    Z.