7.1 About Password Policies

You can create password policies at the container, OU, Group Policy, and user object levels. Policies set at the container or organizational unit level are inherited by all associated directory objects. Password policies set at the user object level override all higher-level policies. Password policies are linked to application definitions through scripting and are not applied to directory objects. To link a policy, create it in the Password Policies pane and then link it to the application definition by using the RestrictVariable command. The application definition itself, however, is applied at the directory object.

Password policies consist of one or more password rules applicable to one or more single sign-on enabled applications and to specific directory objects. You can configure password policies in the Password Policy Properties tables of the Administrative Management utilities.

SecureLogin remembers passwords and handles password changes when they expire on the back-end application (for example, after 30 days) or when users decide to change their password. The SecureLogin password management functionality includes the capability to set the password expiry duration and to generate passwords that comply with specified password policies.
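The following application definition sketch illustrates the RestrictVariable link and the policy-compliant password generation described above. It is an added example, not taken from this guide: the policy name FinancePwdPolicy, the dialog class and titles, and the control IDs are constructed placeholders, and the policy is assumed to already exist in the Password Policies pane.

```securelogin
# Bind the stored $Password variable to a password policy.
# "FinancePwdPolicy" is a placeholder policy name (assumption).
RestrictVariable $Password FinancePwdPolicy

# Logon dialog: class, title and control IDs are constructed values.
Dialog
  Class #32770
  Title "Logon"
EndDialog
Type $Username #1001
Type $Password #1002
Click #1

# Change-password dialog shown when the back-end password expires.
Dialog
  Class #32770
  Title "Change Password"
EndDialog
# Supply the current password first.
Type $Password #1002
# Generate a new random value; because $Password is restricted,
# the generated value must satisfy FinancePwdPolicy.
ChangePassword $Password Random
# Enter and confirm the new password.
Type $Password #1003
Type $Password #1004
Click #1
```

Run a definition like this against a test user account first, so that a policy stricter or looser than the back-end application's own rules shows up before production users are affected.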

Password policies are typically created to match existing password policies. You should consult application owners before changing an existing password policy.

To determine the requirements and parameters of a password policy and the applications that it applies to, test complex policies on a test user account to confirm that they are viable.

7.1.1 Using Application Definition Wizard to Create Password Policy

You can create password policies through the application definition wizard while enabling an application for single sign-on. For details on using the application definition wizard, refer to the Novell SecureLogin Application Definition Wizard Administration Guide.

However, you cannot use the wizard to edit or delete password policies.