Neoview User Management and Security Administration Guide (R2.5)

when you log on.) The security framework lets you substitute a CA certificate, as described in “Obtaining and Installing Certificates” (page 56). You also control security policies governing automatic download and behavior in the event of an expired certificate.

Because the same workstation can connect to multiple Neoview platforms, multiple certificates can be stored on the same workstation. At connection time, the client has the option to specify the location to which the certificate should be downloaded, as described in “Secure Login and Role Selection for Neoview Users” (page 145). If you do not specify a location, the certificate is downloaded to the directory you specified when you installed the ODBC or JDBC driver. If you did not specify a directory at installation time, the home directory is used by default.

NOTE: The most common way to identify the home directory is the HOME environment variable. If that variable is not set on the workstation, the security framework uses the HOMEDRIVE and HOMEPATH environment variables. If those variables are not set either, an error is reported.
The private key used for password encryption is stored in a file secured for SUPER.SUPER access.
The Neoview security infrastructure handles several types of passwords:

- Remotely authenticated database user passwords (LDAP passwords)
- Locally authenticated database-user passwords
- Platform-user passwords
- Role passwords
- LDAP search passwords

Each has its own requirements and associated tasks.
Passwords for Remotely Authenticated Database Users (LDAP Users)
Passwords for LDAP users must match those defined in the external directory. LDAP password administration is performed in the LDAP server environment, except that if the data source is appropriately configured, as described in “Enabling Password Expiration Notifications” (page 53), the Neoview platform notifies a user when his or her password will soon expire.

NOTE: In the current release of the Neoview security infrastructure, there is no means for changing the password of an LDAP user from the Neoview platform. Any attempt to use a Neoview client to change the password of an LDAP user will result in an error.

LDAP user passwords have the following characteristics:

- If you use 1024-bit encryption, the maximum length of a password is 53 characters. However, special considerations apply if the security policy requires power database users to present a role password in order to log on; for more information on this topic, see “Role Passwords” (page 26).
- If you use 2048-bit encryption, passwords have a maximum length of 128 characters.
- Blank passwords are not permitted.
- The password cannot contain a slash (/).
- Your own LDAP server might impose additional restrictions.
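An added example, not code from the guide or from HP's Neoview software, that models two of the rules above in Python: the fallback order for the certificate download directory (explicit location, then the driver's install-time directory, then HOME, then HOMEDRIVE plus HOMEPATH, otherwise an error) and the LDAP password limits keyed on the encryption key size. The function names, the exception class and the env mapping parameter are my own; the extra role-password considerations for 1024-bit encryption are not modeled.

```python
from typing import List, Mapping, Optional


class CertificateLocationError(Exception):
    """Raised when no directory can be determined for the downloaded certificate."""


def resolve_certificate_dir(explicit_dir: Optional[str], install_dir: Optional[str],
                            env: Mapping[str, str]) -> str:
    """Return the directory the certificate is downloaded to, in the guide's order:
    location given at connection time, then the directory given when the ODBC/JDBC
    driver was installed, then the home directory (HOME, else HOMEDRIVE + HOMEPATH).
    Raises CertificateLocationError when no home directory can be identified."""
    if explicit_dir:
        return explicit_dir
    if install_dir:
        return install_dir
    home = env.get("HOME")
    if home:
        return home
    drive, path = env.get("HOMEDRIVE"), env.get("HOMEPATH")
    if drive and path:
        return drive + path
    raise CertificateLocationError(
        "HOME is not set and HOMEDRIVE/HOMEPATH are not both set; cannot locate certificate")


# Maximum LDAP password length depends on the key size used for password encryption.
MAX_LDAP_PASSWORD_LENGTH = {1024: 53, 2048: 128}


def ldap_password_problems(password: str, key_bits: int) -> List[str]:
    """Return the reasons a password would be rejected (empty list if it is acceptable).
    Checks only the rules stated in the guide; the LDAP server may add its own."""
    if key_bits not in MAX_LDAP_PASSWORD_LENGTH:
        raise ValueError(f"unsupported encryption key size: {key_bits}")
    limit = MAX_LDAP_PASSWORD_LENGTH[key_bits]
    problems = []
    if password == "":
        problems.append("blank passwords are not permitted")
    if "/" in password:
        problems.append("the password cannot contain a slash (/)")
    if len(password) > limit:
        problems.append(f"password exceeds the {limit}-character limit for {key_bits}-bit encryption")
    return problems


if __name__ == "__main__":
    # Constructed inputs: a Windows-style workstation without HOME, and an over-long password.
    print(resolve_certificate_dir(None, None, {"HOMEDRIVE": "C:", "HOMEPATH": r"\Users\dba"}))
    print(ldap_password_problems("a" * 60, 1024))
```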
Passwords for Locally Authenticated Database Users
Passwords for locally authenticated database users are managed on the Neoview platform:

- The password is specified initially when the user is created on Neoview, either in HPDM or with the NCI CREATE USER command, as described in “Adding a Database User” (page 99).
- The user can change his or her own password, either in HPDM or by using the NCI ALTER PASSWORD command, as described in “Changing Your Own Password” (page 107), provided
24 Introduction to Security on the Neoview Platform