Database integration
Hitachi ID Password Manager (formerly P-Synch), a component of the Hitachi ID Management Suite, supports more than just passwords -- it is a platform for managing authentication factors and encryption keys. Many organizations use Password Manager to reduce the volume of IT support calls relating to passwords and PINs, to improve user productivity by eliminating login problems and to strengthen the security of passwords and of user support processes. Password Manager includes built-in connectors to manage passwords on over 100 kinds of systems and applications.
Oracle Database Integration
Password Manager can bind to any Oracle Database server (any version) using SQL*Net and issue PL/SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (ALTER USER, UPDATE or invoke a stored procedure).
The Password Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords.
Sybase ASE Database Integration
Password Manager can bind to any Sybase ASE database server (any version) using TDS and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (sp_password, UPDATE or invoke a stored procedure).
The Password Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords.
SQL Server Database Integration
Password Manager can bind to an MSSQL server, running version 7.x, 2000, 2005, 2008 or later, using its native TDS protocol. Once connected, Password Manager can list users, validate current passwords and administratively reset passwords by issuing SQL commands and/or calling stored procedures (SELECT, SP_PASSWORD, UPDATE, etc.).
Default SQL commands are included to update MSSQL passwords, while Password Manager administrators may specify alternate commands to manage passwords in application tablespaces.
No agent software is installed on the SQL server.
IBM UDB/DB2 Database Integration
Password Manager can bind to any DB2/UDB database server (any version) using the DB2/UDB client software and issue SQL commands to enumerate users (SELECT), validate current passwords (test bind or SELECT) and reset passwords (UPDATE or stored procedure).
The Password Manager administrator can specify alternate SQL commands and so can manage application passwords as well as database connect passwords.
Storing Password Manager user profile data in an external database
Password Manager normally stores security questions, used to authenticate users who forget their passwords, in its internal identity cache. The questions and answers are encrypted with 128-bit AES under a secret key. Alternatively, Password Manager can be tied to an external repository (e.g., LDAP, AD, Oracle, etc.) where it reads and writes security questions and login ID profiles.
Password Manager includes batch data loading programs (e.g., to load user profiles, security questions, login ID aliases) and data extraction programs (e.g., to dump the contents of any table as a CSV file).
Password Manager also includes a number of plug-in points that allow it to look up user profile data in an external database or directory at run-time, as required. These are used to externalize user profile data -- for example, to an LDAP directory, to Active Directory or to a database.
Finally, Password Manager includes a number of plug-in points that allow it to update user profile data, such as identity attributes, login ID reconciliation or security questions, on an external directory or database, at run-time. Such updates are normally the result of user registration processes.
Putting this flexibility together, an example deployment might authenticate users signing into Password Manager using their LDAP login ID and password and store user profile data, such as a list of login IDs to various systems and security questions, in the same or another LDAP directory.