Validating password information
The BMC Remedy AR System server can validate the password entered by a user against the user's Windows or UNIX login password instead of maintaining an Encryption Security-specific password. To enable this:
- Make sure the BMC Remedy Encryption Performance Security or BMC Remedy Encryption Premium Security user name and the operating system user name are identical.
- If you use Authentication aliases, the Login name alias should be identical to the operating system user name.
- Leave the Password field in the User form blank. See "Field" in Adding and modifying user information
- Select the Cross Ref Blank Password check box on the EA (external authentication) tab of the AR System Administration: Server Information form. For more information about password configuration, see Setting external authentication options.
Make sure that you specify a password for Administrator accounts (such as Demo) before enabling Cross Ref Blank Password. Otherwise, an administrator can be locked out of the system.
Where supported, the operating system password validation feature enables the operating system to set the following password policies:
- Aging — Determines how quickly a password expires.
- Lockout — Limits the number of incorrect logins a user can enter before the system locks the user out.
- Password Restrictions — Sets the password length and the allowed password characters.
Aging and Password Restrictions can be configured in BMC Remedy AR System where the user password is stored in the User form (see Enforcing a password policy introduction and Enforcing restrictions on passwords). The operating system password management system must be used to configure Aging and Password Restrictions where the user password is stored external to the User form.
The operating system password management system can also be configured to lock out users after too many failed password attempts. Use this method when the user password is stored external to the User form. See Max Number of Password Attempts in Setting administrative options. The operating system password management system can also be configured to lock out users after too many failed password attempts. This method is effective where the user password is stored external to the User form.