SecureLogin provides password policy functionality to enable you to efficiently and effectively manage user passwords, in order to comply with your organization's security policies. You can create password policies at the container, OU, Group Policy and user object level. Policies set at the container or organizational unit level are inherited by all associated directory objects. Password policies set at the user object level override all higher level policies. Password policies are linked to application definitions through scripting and are not applied to directory objects. You can do this by creating a password policy in the Password Policies pane and then linking the policy to the application definition using the RestrictVariable command. However, the application definition is applied at the directory object.
Password policies comprise one or more password rules applicable to one or more SSO-enabled applications and to specific directory objects. You can configure password policies in the Password Policy Properties Tables of the Administrative Management Utility, the iManager SSO plug-in, or Group Policy snap-ins. For more information, see the Novell SecureLogin 6.0 SP1 Overview.
SecureLogin remembers passwords and can also handle password changes after they expire on the back end application (every 30 days, for example) or when users decide to change their passwords. SecureLogin password management functionality includes the capability to set password expiration periods and generate random passwords that comply with specified password policies. For more information, see the Novell SecureLogin 6.0 SP1 Application Definition Guide.
NOTE:You can configure password change events using SecureLogin’s wizards or through the application definition editor.
Password policies are typically created to match existing password policies. You should consult application owners before changing an existing password policy.
To determine the requirements and parameters of the password policy and the applications the password policy applies to, we recommend that you test complex policies on a test user account to ensure they are viable.