Passwords are the earliest and most common security and user verification mechanism; password cracking is the most common security hazard. The careless use and maintenance of passwords represents the greatest threat to the security of a network.
CA Single Sign-on is designed to protect resources on your network, on the Internet, and on corporate intra- and extranets. CA Single Sign-on authenticates users by interfacing to one or more user directories or Directory Services. CA Single Sign-on can authenticate users stored in Windows NT Domains, LDAP-based directories (such as iPlanet’s Directory Server), and several external relational databases. Interfaces to new Directory Service Providers are always under development, so you should contact your CA sales representative for support for other Directory Providers.
Passwords are stored in each directory, associated with each user. Most Directory Service Providers can enforce limitations on the content of passwords (password content policies) and can control the lifetime of passwords (password lifetime policies) and user accounts (account lifetime policies) to varying degrees. These controls are collectively called password policies.
Policies implemented by Directory Services Providers do not always fulfill a site's security requirements and using more than one directory service can create inconsistencies between directories. This can cause administrative headaches.
CA offers a CA Single Sign-on add-on module to help administrators implement and enforce robust, consistent, flexible, and comprehensive password policies across multiple directories: Advanced Password Services (or APS).
This component can greatly enhance your web site’s security by forcing your users to conform to administrator-defined rules for what a password should consist of and to control when, how, and how often a password must be changed.
CA Single Sign-on Version 4.1 (and later) provides a feature called Password Services. This functionality is based on early versions of APS. It contains some of the basic functions provided by these earlier versions.