  • Latest Post - ‏2018-08-12T21:42:19Z by JA5HVICU3
JA5HVICU3
2 Posts

Pinned topic Big several erhistoricalpassword attributes kept by LDAP ISIM

‏2018-08-08T17:33:24Z |

Hello, hope you can guide me to find the best option.

 

Analyzing and reviewing the LDAP ISIM, the size has increased a lot in the last months (I mean the size of the database). Looking for a way to decrease the size of the LDAP database, I found that it could be possible to keep several history passwords for a user. Being more specific, testing with a user, I changed the password 20 times in the ISIM console; the passwords were replicated OK and were saved in the DIT of LDAP for every account entry of the user, increasing the size of the entry.

 

FOR EXAMPLE

==========================
USER ITIM ACCOUNT
erhistoricalpassword: password20
erhistoricalpassword: password19
...
erhistoricalpassword: password1

USER AD ACCOUNT
erhistoricalpassword: password20
erhistoricalpassword: password19
...
erhistoricalpassword: password1
==========================

Is there a way to configure ISIM to keep only 10 historical passwords or a lower number?

 

Regards in advance.

  • Sanjay Sutar
    187 Posts

    Re: Big several erhistoricalpassword attributes kept by LDAP ISIM

    ‏2018-08-09T08:10:18Z  

    Is password synchronization enabled in your environment? (It's in the security properties on the ISIM console.)

    Also you can set password history length in password policy.

  • franzw
    474 Posts

    Re: Big several erhistoricalpassword attributes kept by LDAP ISIM

    ‏2018-08-12T18:40:00Z  
    This reply was deleted by JA5HVICU3 2018-08-12T21:37:34Z.

    IMHO you are chasing a wrong rabbit....

    If you look at it from a mere space view, a reduction from 20 to 5 historical passwords will bring you approx. 66MB for each 100K accounts. So what is the cost of this?

    I would just add another GB to the tablespaces of the TDS and move on....

    Your time is much more valuable if you look into storing the CORRECT data and making it available in the right way.

    PS. I hope you did not cut the above from your system - even hashed passwords - especially like the records above are a good entry into cryptanalysis to understand your password hashing - I do not think they will provide a direct threat - but it is not good practice to show this kind of underwear in public :-)

    HTH

    Regards

    Franz Wolfhagen

    Updated on 2018-08-12T18:40:12Z by franzw
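To put a measured number behind the space estimate in the reply above, this added example (not code from any poster or from IBM) parses an LDIF export of the directory and reports, per entry, how many erhistoricalpassword values it holds and how many bytes they take, without ever printing the values themselves. It assumes the export is plain LDIF text; the sample DNs, the sample values and the function names are constructed for illustration.

```python
import base64
ATTR = "erhistoricalpassword"  # attribute name as written in the thread

# Constructed sample export (DNs and values are made up, not real ISIM data).
SAMPLE_LDIF = "\n".join([
    "dn: eruid=jdoe,ou=accounts,o=example",
    "erhistoricalpassword: constructed-value-3",
    "erhistoricalpassword: constructed-value-2",
    "erhistoricalpassword:: Y29uc3RydWN0ZWQtdmFsdWUtMQ==",  # base64 form
    "eruid: jdoe",
    "",
    "dn: eruid=asmith,ou=accounts,o=example",
    "erhistoricalpassword: a-long-constructed-value-that-is-fol",
    " ded-onto-a-second-line",  # folded continuation line
    "eruid: asmith",
])

def unfold(text):
    """Join LDIF continuation lines (leading single space) to their parent."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def history_stats(ldif_text):
    """Return {dn: (value_count, total_value_bytes)}; values are never printed."""
    stats, dn = {}, None
    for line in unfold(ldif_text):
        if not line:
            dn = None                      # blank line ends the entry
            continue
        name, _, rest = line.partition(":")
        if rest.startswith(":"):           # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        else:
            value = rest.strip().encode("utf-8")
        if name.lower() == "dn":
            dn = value.decode("utf-8")
        elif name.lower() == ATTR and dn is not None:
            count, size = stats.get(dn, (0, 0))
            stats[dn] = (count + 1, size + len(value))
    return stats

def over_limit(stats, limit):
    """DNs holding more history values than the intended history length."""
    return sorted(dn for dn, (count, _) in stats.items() if count > limit)
```

Summing the byte totals over a full export gives the real footprint of the attribute, and `over_limit` lists the entries that exceed whatever history length the password policy is meant to enforce.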
  • JA5HVICU3
    2 Posts

    Re: Big several erhistoricalpassword attributes kept by LDAP ISIM

    ‏2018-08-12T21:42:19Z  
    Thanks for your answer, now it is more clear.

     

    Regarding the hash, it was generated randomly with openssl, but anyway I removed it.

     

    Regards

    Updated on 2018-08-12T21:42:41Z by JA5HVICU3