Tagged: #OpenAM, #openDJ, password policies
This topic has 2 replies, 2 voices, and was last updated 3 years, 3 months ago by someswara.reddy.karem.
April 10, 2019 at 4:58 pm #25505
someswara.reddy.karem (Participant)
Dear All,
Our scenario:
Customers' passwords are stored in OpenDJ's userPassword attribute, and customers' passcodes (6 digits) will be stored in "passcode" (a new custom attribute added to OpenDJ).
All customers will be under the below base dn:
dc=users, dc=company, dc=platform
And we have defined password and passcode policies accordingly.
Our challenge:
1) How to enable password and passcode policies in OpenDJ appropriately for the userPassword and passcode attributes?
And we would also want to hash (SSHA-512) passcode values, as with userPassword.
As far as I knew, we can apply password policies based on server and/or sub-entry. But in our scenario, all users are under the same base dn and we want to apply policies for the userPassword and passcode attributes correspondingly. Is this possible at all?
It would be appreciated if you could provide any guidance on this. Thanks.
Regards
Som
April 10, 2019 at 5:23 pm #25506
Ludo (Moderator)
Unfortunately, there can only be a single password policy that applies to an entry (the pwdPolicySubentry operational attribute that indicates which password policy applies to the entry is single-valued).
The password policy was designed taking into consideration that there is a single password to authenticate a user (there is state associated with it that needs to be maintained in the entry).
April 16, 2019 at 11:11 am #25607
someswara.reddy.karem (Participant)
Thanks Ludo for your response.
With this limitation, we are trying to implement the below changes to meet requirements:
1) Apply the password policy to the userPassword attribute only; however, create a custom passcode attribute to store hashed passcode values (Salted SHA-512), and we don't apply a passcode policy in OpenDJ, instead implementing validations in the application layer.
Our challenge: is it possible to configure the passcode attribute to store hashed values without creating a password policy? Is there any way to configure the passcode attribute to store hashed values (like the userPassword attribute)?
And if we store hashed passcode values in the passcode attribute in OpenDJ, can we log in using username and passcode? If yes, what are the changes we need to implement in OpenAM trees/nodes?
Thanks for your time and support.
Best Regards
Som
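For the application-layer approach described in the last post (hash the passcode as Salted SHA-512 and validate it outside OpenDJ), here is an added example that is not part of the thread or of OpenDJ: it produces and verifies values in the `{SSHA512}base64(sha512(passcode || salt) || salt)` layout (the 8-byte salt and the digest-then-salt order are assumptions matching the common salted-SHA scheme layout) and applies a few illustrative passcode rules, which are assumed since the thread does not define the policy.

```python
import base64
import hashlib
import hmac
import os
import re
from typing import List, Optional

SCHEME = "{SSHA512}"
SALT_LEN = 8       # assumption: 8-byte random salt, as in the usual SSHA layout
DIGEST_LEN = 64    # SHA-512 digest length in bytes


def hash_passcode(passcode: str, salt: Optional[bytes] = None) -> str:
    """Return {SSHA512}base64(sha512(passcode || salt) || salt)."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.sha512(passcode.encode("utf-8") + salt).digest()
    return SCHEME + base64.b64encode(digest + salt).decode("ascii")


def verify_passcode(passcode: str, stored: str) -> bool:
    """Recompute the salted digest from the stored value and compare in constant time."""
    if not stored.startswith(SCHEME):
        return False
    try:
        blob = base64.b64decode(stored[len(SCHEME):], validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    if len(blob) <= DIGEST_LEN:  # must contain a digest plus a non-empty salt
        return False
    digest, salt = blob[:DIGEST_LEN], blob[DIGEST_LEN:]
    candidate = hashlib.sha512(passcode.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def passcode_policy_errors(passcode: str) -> List[str]:
    """Illustrative application-layer rules (assumed, not from the thread)."""
    errors: List[str] = []
    if not re.fullmatch(r"\d{6}", passcode):
        errors.append("passcode must be exactly 6 digits")
        return errors
    if len(set(passcode)) == 1:
        errors.append("all digits identical")
    digits = [int(c) for c in passcode]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        errors.append("sequential digits")
    return errors
```

Because a 6-digit passcode has only one million possible values, the application-layer checks should also include attempt limiting; the salted hash alone does not make it resistant to offline guessing.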