Sun Java[TM] System Identity Manager 7.1 Deployment Tools |
Chapter 6
Configuring Dictionary SupportThis chapter describes how to configure a dictionary policy to help protect passwords from simple dictionary attacks. The information is organized as follows:
About the Dictionary PolicyA dictionary policy enables Identity Manager to check passwords against a word database to ensure that they are protected from a simple dictionary attack. If you use this policy with other policy settings to enforce the length and make-up of passwords, Identity Manager makes it difficult for anyone to use a dictionary to guess passwords that are generated or changed in the system.
This dictionary policy extends the password exclusion list specified using the
Must Not Contain Words feature on the Edit Policy page (Configure > Policies > Password Policies).
Configuring the Dictionary PolicyTo set up a dictionary policy, you must configure dictionary server support and then load the dictionary, as follows:
- From the Identity Manager administrator user interface, select Configure > Policies and click the Configure Dictionary button.
- When the Dictionary Configuration page displays, provide the following database information:
- Database Type — Select the database type (Oracle, DB2, SQLServer, or MySQL) that you will use to store the dictionary.
- Host — Enter the name of the host where the database is running.
- User — Enter the user name to use when connecting to the database.
- Password — Enter the password to use when connecting to the database.
- Port — Enter the port on which the database is listening.
- Connection URL — Enter the URL to use when connecting.
- Driver Class — Enter the JDBC driver class to use while interacting with the database.
- Database Name — Enter the name of the database where the dictionary will be loaded.
- Table Naming Context — Enter the prefix used to name the dictionary table in the database.
- Dictionary Filename — Enter the name of the file to use when loading the dictionary.
- Click Test to test the database connection.
- If the connection test is successful, click Load Words to load the dictionary.
- Click Test to ensure that the dictionary was loaded correctly.
- Click Save to save your changes.
Implementing the Dictionary PolicyTo implement the dictionary policy,
Once implemented, Identity Manager will check all changed and generated passwords against the dictionary.