Validating password information

The AR System server can validate the password entered by a user against the user's Windows or UNIX login password instead of maintaining an Encryption Security-specific password. To enable this validation, consider the following points:

• Make sure the Encryption Performance Security or Encryption Premium Security user name and the operating system user name are identical.
• If you use Authentication aliases, the Login name alias should be identical to the operating system user name.
• Leave the Password field in the User form blank. See "Field" in Creating-and-modifying-users.
• Select the Cross Ref Blank Password check box on the EA (external authentication) tab of the AR System Administration: Server Information form. For more information about password configuration, see Setting-external-authentication-options.

Where supported, the operating system password validation feature enables the operating system to set the following password policies:

• Aging—Determines how quickly a password expires.
• Lockout—Limits the number of incorrect logins a user can enter before the system locks the user out.
• Password Restrictions—Sets the password length and the allowed password characters.

Aging and Password Restrictions can be configured in AR System where the user password is stored in the User form (see Enforcing a password policy introduction and Enforcing restrictions on passwords). The operating system password management system must be used to configure Aging and Password Restrictions where the user password is stored external to the User form.

The operating system password management system can also be configured to lock out users after too many failed password attempts. Use this method when the user password is stored outside the User form. See Max Number of Password Attempts in Setting-administrative-options.