RTC/RQM password security management
Hello,
Can we provide any password security management capability with RTC/RQM when not using LDAP?
For instance:
The password must be changed at first login
The account must be blocked after 5 errors
The password must be changed after 180 days
And so on. It seems that application servers (Tomcat or WAS) don't manage such rules.
Thanks
Bernard
2 answers
(I know your original question was about "not" using LDAP, but I thought some background on how we are doing things here might be interesting.)
On jazz.net we share a single LDAP directory server for all jazz.net authentication services, including the website and the Jazz repositories that we are running for our projects. Neither our website nor the applications really control the password policies, but it is the LDAP server that dictates the policies. Our registration process and password change page on jazz.net do enforce that users follow the appropriate policies, but these policies are dictated by a corporate security standard.
Those kinds of policies are handled by your user authentication
mechanism, not by RTC/RQM. So if you are using your application server's
authentication mechanism, you get only what is provided by that
application server.
Cheers,
Geoff
On 10/18/2010 11:08 AM, berndup wrote:
Hello,
Can we provide any password security management capability with
RTC/RQM when not using LDAP?
For instance:
The password must be changed at first login
The account must be blocked after 5 errors
The password must be changed after 180 days
And so on. It seems that application servers (Tomcat or WAS) don't
manage such rules.
Thanks
Bernard
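
As an added illustration (not part of the original thread and not RTC/RQM configuration), this is how the "blocked after 5 errors" rule from the question can be expressed with Tomcat's own LockOutRealm. It assumes the server authenticates against the file-based UserDatabaseRealm; the 900-second lockout time is a constructed sample value.

```xml
<!-- conf/server.xml, inside the <Engine> element.
     Assumption: users are defined in the file-based UserDatabase resource
     (tomcat-users.xml); adapt the nested realm to the one actually in use. -->
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="5"
       lockOutTime="900">
  <!-- failureCount: consecutive failed logins before the user is locked.
       lockOutTime:  seconds the lock lasts (900 is a sample value). -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>
```

LockOutRealm keeps its failure counts in memory and the lock expires after lockOutTime, so this is a temporary lock rather than a permanent block. It covers only the lockout rule, not the first-login or 180-day rules.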