kirchke Absent Member.
Absent Member.
571 views

Should SSPR adhere to password histories?

Hello,

I have had some issues where users are resetting their passwords within our SSPR appliance and it will allow users to enter in previous passwords successfully even though our eDirectory Universal Password Policy prohibits the use of up to 100 previously-used passwords. Should the SSPR be adhering to our Universal Password Policy on password history? If this is a setting to enable, where would it be located?

SSPR Appliance version: v4.1.0.0 b256 r39020
0 Likes
3 Replies
Knowledge Partner
Knowledge Partner

Re: Should SSPR adhere to password histories?

It should be able to, yes, particularly the password is changed as the
user themselves vs. as the proxy user which is an admin (history is not
forced on admins because admins should never know if a password they type
is in the user's history since it tells admins about a user's old passwords).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
kirchke Absent Member.
Absent Member.

Re: Should SSPR adhere to password histories?

ab;2464833 wrote:
It should be able to, yes, particularly the password is changed as the
user themselves vs. as the proxy user which is an admin (history is not
forced on admins because admins should never know if a password they type
is in the user's history since it tells admins about a user's old passwords).

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.


I'm guessing that using the SSPR Helpdesk feature would not adhere to password histories then since an admin would be changing the user's password?
0 Likes
Knowledge Partner
Knowledge Partner

Re: Should SSPR adhere to password histories?

Likely t case, yes; helpdesk folks should not know users' passwords either.

I know SSPR can generate passwords randomly that match the password
policy, and I thought (old memory, cobwebs, warning) that you could force
Helpdesk folks to only be able to set passwords to those generated values,
meaning they would likely never be duplicates. Even if not as part of the
technology, yo could certainly tell Helpdesk folks to not use what they
are inclined to do for default passwords of, "companyName123' or whatever.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.