The SIF driver can synchronize passwords between the Identity Vault and the Zone if the SIF driver and the Zone are using SIF Specification 1.5r1 or later. In order to properly synchronize passwords with the Identity Vault, you must be familiar with
Password Synchronization across Connected Systems
in the
Novell Identity Manager 3.5.1 Administration Guide
. There are two prompts in the SIF driver’s global configuration values (GCVs) that control password sharing with SIF. Set these two prompts to True if you want to synchronize or share passwords.
SIF Driver sends user passwords to the Zone
If set to True, the SIF driver sends user passwords in the Identity Vault to the Zone. Passwords are sent as SIF Authorization objects. Other SIF-enabled applications can subscribe to the Zone to receive the passwords.
You would set this parameter to True when other SIF-enabled applications want to use the user’s network password. When a Distribution Password is set for a new user or when a Distribution Password is changed in the Identity Vault, the SIF driver sends a SIF Authorization object containing the password to the Zone.
SIF Driver accepts user passwords from the Zone
If set to True, the SIF Driver sets user passwords in the Identity Vault to the passwords received from the Zone. The passwords are received as SIF Authorization objects. The passwords are published to the Zone by other SIF-enabled applications.
You would set this parameter to True if you want the network password to be generated by another SIF-enabled application. For example, you have a SIF-enabled application in the Zone that generates a password for each user. When the SIF driver receives the password in a SIF Authorization object, the corresponding user’s the Identity Vault password is set to this value.
If this parameter is set to True, we recommend that the SIF driver also be configured to set an initial password for each new user. There might be a delay between the creation of the user account and when the password is received, and it is best to make sure the account is protected by a password at all times.