Sun Java logo     Previous      Contents      Index      Next     

Sun logo
Sun Java[TM] System Identity Manager 7.1 Deployment Tools 

Chapter 6
Configuring Dictionary Support

This chapter describes how to configure a dictionary policy to help protect passwords from simple dictionary attacks. The information is organized as follows:

About the Dictionary Policy

A dictionary policy enables Identity Manager to check passwords against a word database to ensure that they are protected from a simple dictionary attack. If you use this policy with other policy settings to enforce the length and make-up of passwords, Identity Manager makes it difficult for anyone to use a dictionary to guess passwords that are generated or changed in the system.

This dictionary policy extends the password exclusion list specified using the
Must Not Contain Words feature on the Edit Policy page (Configure > Policies > Password Policies).

Configuring the Dictionary Policy

To set up a dictionary policy, you must configure dictionary server support and then load the dictionary, as follows:

  1. From the Identity Manager administrator user interface, select Configure > Policies and click the Configure Dictionary button.
  2. When the Dictionary Configuration page displays, provide the following database information:
    • Database Type — Select the database type (Oracle, DB2, SQLServer, or MySQL) that you will use to store the dictionary.
    • Host — Enter the name of the host where the database is running.
    • User — Enter the user name to use when connecting to the database.
    • Password — Enter the password to use when connecting to the database.
    • Port — Enter the port on which the database is listening.
    • Connection URL — Enter the URL to use when connecting.

      These template variables are available:

      • %h: host
      • %p: port
      • %d: database name
    • Driver Class — Enter the JDBC driver class to use while interacting with the database.
    • Database Name — Enter the name of the database where the dictionary will be loaded.
    • Table Naming Context — Enter the prefix used to name the dictionary table in the database.
    • Dictionary Filename — Enter the name of the file to use when loading the dictionary.
  3. Click Test to test the database connection.
  4. If the connection test is successful, click Load Words to load the dictionary.

    5. Note

    The load task may take a few minutes to complete.

  5. Click Test to ensure that the dictionary was loaded correctly.
  6. Click Save to save your changes.

Implementing the Dictionary Policy

To implement the dictionary policy,

  1. From the Policies page, click the Password Policy link to edit the password policy.
  2. On the Edit Policy page, enable the Check passwords against dictionary words option.
  3. Click Save to save your changes.

Once implemented, Identity Manager will check all changed and generated passwords against the dictionary.



Previous      Contents      Index      Next     

.   Copyright 2007 Sun Microsystems, Inc. All rights reserved.