How LDAP Authentication works on Rkimball?

The LDAP authentication is used only for password management on Rkimball, and has nothing to do with Windows Active Directoy. Once you have enabled LDAP authentication, a set of password rules change for all app users:

1) Password should be minimum 8 characters long, and must contain 1 upper case letter, 1 lower case letter, 1 numeric digit and 1 special char etc.

2) Complexity requirements are enforced when passwords are changed

3) Passwords set for first time use and upon reset must be a unique value for each user, and they must be set to change immediately after the first use

4) Restricts users to submit a new password similar to any of the last ten passwords he or she has used

5) All user-level passwords must be changed at least every 45 days

6) Passwords set for first time use and upon reset must be a unique value for each user, and they must be set to change immediately after the first use

7) Passwords issued by a System must force the user to choose another password before the next logon process is completed

8) Always use random password generator

9) All password resets or changes must be promptly confirmed by email to the authorized user. This is so that the authorized user can readily detect and report any fraudulent or abusive behavior

10) All systems that employ passwords at logon must be configured to permit only six attempts to enter a correct password, after which the user ID is deactivated and can only be reset by a privileged user after authenticating the user’s identity

11) User-chosen passwords must be entered twice when being changed, and masked such that the user cannot see what was typed

12) Passwords must not be stored in readable form in batch files, automatic logon scripts, software macros, terminal function keys, in computers without enforced access control mechanisms, or in other locations where unauthorized persons might discover or use them

 

Was this article helpful