ratclma Absent Member.
Absent Member.
689 views

Use SSPR password policies or NMAS password policies

Hi,
We are deploying SSPR for an eDirectory LDAP. Would the recommendation be to create password policies in SSPR or to use NMAS password policies? The SSPR password policies seem to have as many options as the NMAS ones but with the option to store challenge/response using one-way hash rather than the NMAS 3DES reversible-encryption.
Is SSPR designed to replace the need for NMAS password management as it seems to offer far more options?
Thanks
Mark
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: Use SSPR password policies or NMAS password policies

On 02/18/2016 03:36 AM, ratclma wrote:
>
> We are deploying SSPR for an eDirectory LDAP. Would the recommendation
> be to create password policies in SSPR or to use NMAS password policies?
> The SSPR password policies seem to have as many options as the NMAS
> ones but with the option to store challenge/response using one-way hash
> rather than the NMAS 3DES reversible-encryption.


I do not think NMAS stores challenge response data using 3DES, or any
other, reversible encryption. The Universal Password (UP) is stored in a
reversible way, but I do not believe the responses for challenge/response are.

SSPR's NMAS Challenge Response support has been there since the start, but
SSPR is also meant to work in environments that are not running
eDirectory. As a result, you can do either, and both are fully supported.
One nice thing about NMAS support is that you can use SSPR to support an
existing infrastructure (NMAS Challenge Response) while adding more
features with the rest of SSPR, including a new Challenge/Response setup.

> Is SSPR designed to replace the need for NMAS password management as it
> seems to offer far more options?


It can, or it can be used along with it. Since it is meant to work on its
own (without any particular directory) it can do things that NMAS does not
yet do. In the end, it is up to you.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.