I would like to know how your organization deal with 2 DLP use cases (technically / process wise):
- (1) password protected file (e.g. word, excel zip file with user password)
- (2) encrypted file (e.g. user password encrypted documents)
I am struggling as DLP seems not able to apply “content inspection” to these 2 use cases.
This document (7018114) is provided subject to the disclaimer at the end of this document.
1) If possible, disable grace logins on the eDirectory password policy. When configured this way, eDirectory itself won’t force users to change an expired password during authentication, but applications such as SSPR can still do so.
2) Increment the allowed grace login value to account for a typical user authentication operation happening multiple times. This won’t resolve the problem exactly but it can decrease the amount of users that will hit the limit.
1. If they are within the “Password Expire Warn Time,” see a warning when logging in to SSPR telling them their password will expire in x number of days.
2. Be forced to change their password if they are within the “Password Pre-Expire Time.” This helps prevent users from experiencing password expiration during the middle of a session.
3. Be forced to change their password if it has expired.
1. Use the Client Login Extension (CLE) to force users to change expired passwords when logging into windows desktop. CLE can also be used to force Challenge/Response enrollment and other SSPR operations.
2. Integrate SSPR with Access Manager or other web SSO technologies to force users to pass through SSPR during authentication. This approach can force web users to reset expired password during authentication
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented “AS IS” WITHOUT WARRANTY OF ANY KIND.
This is a patch for the Client Login Extension. When this patch is installed, the CLE version will be at 4.3. It is a full build of the product.
Document ID: 5376511
Security Alert: No
Distribution Type: Public
Entitlement Required: Yes
- CLE_4.3_19.zip (52.2 MB)
- Identity Manager 4.5.5
- Identity Manager 4.5.6
- Identity Manager 4.6
- SecureLogin 8.5
- SecureLogin 8.5.1
- SecureLogin 8.5.2
- SecureLogin 8.5.3
- SecureLogin 8.6
- Self Service Password Reset 4
- Self Service Password Reset 4.1
- Self Service Password Reset 4.2
- Self Service Password Reset 4.3