Since passwords are typically hashed on each system in a non-reversible fashion, and since different systems use incompatible password hashes, password synchronization must be an active process that takes place whenever users change their passwords.
There are really just two ways to synchronize passwords. Hitachi ID Password Manager supports both of the possible mechanisms for password synchronization:
- Transparent synchronization:
  Password Manager can be configured to intercept native password changes on certain systems and:
  - Apply a password policy beyond the one built into the system where a native password change first happened and potentially reject the initial password change
  - Automatically synchronize the user's other passwords, on other systems, to the same value

  Systems that can trigger password synchronization are Windows server or Active Directory (32-bit, 64-bit), Sun LDAP, IBM LDAP, Oracle Internet Directory, Unix (various), z/OS and iSeries (AS/400).
- Web-based synchronization:
  Users authenticate to the Password Manager web GUI, using any browser, by keying in their NOS or directory ID and password. They can then set a single password on one or more of their own IDs on one or more systems.
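The transparent-synchronization flow described above can be modelled in a few lines. This is an added example, not Hitachi ID's code: it shows why the new value has to be captured at change time, since each system stores only its own salted, incompatible hash. The `TargetSystem` class, the policy rules, the hook name and the system names are all constructed assumptions.

```python
import hashlib
import hmac
import os

class TargetSystem:
    """Constructed stand-in for one system with its own salted hash scheme."""
    def __init__(self, name, digest, iterations):
        self.name, self.digest, self.iterations = name, digest, iterations
        self.store = {}  # user -> (salt, hash); the plaintext is never kept

    def _hash(self, password, salt):
        return hashlib.pbkdf2_hmac(self.digest, password.encode(), salt, self.iterations)

    def set_password(self, user, password):
        salt = os.urandom(16)
        self.store[user] = (salt, self._hash(password, salt))

    def verify(self, user, password):
        salt, stored = self.store[user]
        return hmac.compare_digest(stored, self._hash(password, salt))

def policy_errors(password):
    """Hypothetical policy, stricter than the originating system's built-in one."""
    errors = []
    if len(password) < 12:
        errors.append("shorter than 12 characters")
    if not any(c.isdigit() for c in password):
        errors.append("no digit")
    if not any(c.isalpha() for c in password):
        errors.append("no letter")
    return errors

def on_native_change(user, new_password, origin, others):
    """Hook invoked at change time, the only moment the plaintext is available."""
    errors = policy_errors(new_password)
    if errors:
        return False, errors      # reject the native change; nothing is written
    origin.set_password(user, new_password)
    for system in others:         # each target re-hashes in its own format
        system.set_password(user, new_password)
    return True, []

# Constructed systems with deliberately incompatible hash parameters.
directory = TargetSystem("directory", "sha256", 10_000)
mainframe = TargetSystem("mainframe", "sha512", 5_000)
```

After a successful change, the two stores hold different hashes of the same password, and neither hash can be converted into the other, which is why synchronization cannot be done after the fact.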
Password Manager is a complete solution for managing passwords and other credentials, intended for users in a medium to large enterprise. It supports password synchronization, password reset, token management, unlock of encrypted filesystems and much more.