Password aging etc...


Norman Dignard (32645795) | asked Oct 09 '15, 12:48 p.m.

We're in the process of exposing our Jazz instance to the outside world (our customers). As part of the security concerns, we need to implement some password aging and usage rules (not the same as the previous pwd, length, upper/lower mix, etc.).

We are using Tomcat.

Any other implications that this may invoke?

Accepted answer
Donald Nong (14.3k211) | answered Oct 11 '15, 8:03 p.m.
CLM does not manage the user passwords. Since Tomcat is mentioned in the post, I suppose you're using the Tomcat User Database as the user repository. In this case, it does not provide the feature that you request either. You really need a proper user directory service to have such features, in other words, you need an LDAP server, such as Microsoft Active Directory or Apache Directory Server (ApacheDS). When you integrate an LDAP server into the system, you will have to provide an interface for the users to update and reset the password, which varies depending on the choice of LDAP server.
Norman Dignard selected this answer as the correct answer
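
One way to follow this advice on Tomcat, as an added example that is not part of the original answer or of IBM's documentation: replace the file-based user database realm in `conf/server.xml` with a `JNDIRealm`, so that each login is checked by binding to the directory, where password aging, history and complexity rules are enforced. All host names, DNs and the service account are constructed placeholders, and the group-to-role mapping is an assumption about how roles would be stored.

```xml
<!-- Added example; host names, DNs and account names are constructed placeholders. -->

<!-- Before: Tomcat's default file-based user database (conf/tomcat-users.xml).
     It has no password expiry, history or complexity controls. -->
<!--
<Realm className="org.apache.catalina.realm.LockOutRealm">
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>
-->

<!-- After: users are looked up in the directory and authenticated by an LDAP
     bind as that user. An expired, locked or disabled account fails the bind,
     so the directory's password policy applies to every login. -->
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="5" lockOutTime="300">
  <!-- LockOutRealm throttles repeated failures inside Tomcat (in memory only);
       the directory's own lockout policy still applies independently. -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://dc1.corp.example.com:636"
         connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp,DC=example,DC=com"
         connectionPassword="REPLACE_ME"
         userBase="OU=Users,DC=corp,DC=example,DC=com"
         userSubtree="true"
         userSearch="(sAMAccountName={0})"
         roleBase="OU=Groups,DC=corp,DC=example,DC=com"
         roleSubtree="true"
         roleName="cn"
         roleSearch="(member={0})"/>
</Realm>
```

With this realm, a user whose password has expired simply fails to log in; Tomcat shows no change-password prompt, so users still need the directory's own interface to update or reset a password, as the answer notes.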

Comments
Norman Dignard commented Oct 15 '15, 7:47 a.m.

Can you tell me if IBM's WAS supports this?

As for using an LDAP server - I'm not that familiar with it, but in our org we need to support users from 2 separate stand-alone AD forests (business and dev networks) as well as external users (other companies - our customers).

We are in the process of enabling JAZZ access to our customers (raising defects, collaborating on requirements) using an F5 device. Our security group has identified some concerns, password security features being one of them.


Donald Nong commented Oct 15 '15, 7:09 p.m.

I'm not aware WebSphere has features such as prompting a user to change a password before expiry.

One other answer

Ted Mayer (4513) | answered Oct 09 '15, 1:18 p.m.

Hi Norman,

The JTS server does not handle the authentication of the users; this is handled through the application server itself. In your case, you're using Apache Tomcat as the application server. I have not been able to find a way to configure Tomcat to set a password expiration or to set a certain length. One thing you can do is to post the question on the Apache Tomcat forums and see if this is possible.
