Introduction

The current section describes an EPAS Enforcer deployment scenario, including hardware set-up, configuration and parametrization.

EPAS Enforcer allows enterprises using Microsoft Active Directory1, Microsoft Windows1 workstations, Microsoft SQL Server local passwords, Linux systems or NetIQ SSPR2 to enforce the usage of strong passwords, by extending the standard password policy elements with unique policy features such as:

  • enforce use of strong passwords, using structural entropy (password strength)
  • guarantee password uniqueness across single systems or the entire environment
  • block the use of sequenced characters, alphabetical and numerical paterns
  • block the use of repeated characters

Extensibility of the password policies is achieved by placing active components (e.g. password filters, password exits or loadable modules) in the password change chain for each of the supported operating systems. Whenever a user performs a password change request, the authentication server contacts EPAS Enforcer in order to validate whether the password change is compliant with the defined policies.

EPAS Enforcer supports the following systems for handling password changes:

  • Microsoft Active Directory
  • Microsoft Windows workstations or servers (local accounts) (also includes Microsoft SQL Server local accounts).
  • NetIQ Self-Service Password Reset
  • Linux systems

  1. Active Directory, Windows, Microsoft SQL Server are registered trademarks of Microsoft Corporation 

  2. NetIQ Self-Service Password Reset is a product of Microfocus or one of its affiliates. Additional information can be found on the vendor documentation website