19.1 Preparing for password management

To get ready to support password self-service and user authentication in an Identity Manager user application, you need to know the following:

19.1.1 About password management features

The password management features supported by an Identity Manager user application encompass user authentication and password self-service. When you put these features into use, they enable your application to:

  • Prompt for login information (user name and password) to authenticate against Novell eDirectory

  • Provide users with password change self-service

  • Provide users with forgotten password self-service (including prompting for challenge responses, displaying a password hint, or allowing a password change, as needed)

  • Provide users with challenge question self-service

  • Provide users with password hint self-service

19.1.2 Required setup in eDirectory

Before you can use most of the password self-service and user authentication features, you need to do the following in eDirectory:

  • Enable Universal Password

  • Create one or more password policies

  • Assign the appropriate password policies to users

A password policy is a collection of administrator-defined rules that specify the criteria for creating and replacing user passwords. Novell Identity Manager takes advantage of NMAS (Novell Modular Authentication Service) to enforce password policies that you assign to users in eDirectory.

You can use Novell iManager to perform the required setup steps. For example, the DocumentationPassword Policy was defined in iManager.

This password policy specifies:

  • Universal Password settings

  • Settings to deal with forgotten-password situations

  • Assignments that apply the policy to specific users


For more information on setting up Universal Password and password policies in eDirectory, see the Novell Identity Manager Administration Guide.