Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved


Chapter 1 Introduction : Password Policy

Password Policy
When using TIBCO Domain Utility to configure an administration domain, you can specify whether to enforce a password policy in the domain. Doing so allows the applications running in the domain to meet the fundamental security requirements defined in the Sarbanes-Oxley Act. For example, to meet Sarbanes-Oxley security compliance, a password must meet the following policy:
The password policy applies to user account passwords that allow access to TIBCO Administrator GUI modules and application passwords that are used to login to applications that have been deployed using the TIBCO Administrator GUI.
When a user is deleted, the user’s password history is also deleted.
Changing the Password Policy for Existing Domains
A user with write permission to the User console in the TIBCO Administrator GUI can change the password policy that was set when the administration domain was created. See the TIBCO Administrator User’s Guide for details about changing the password policy.
Distributing Changed Passwords
After a user changes his or her password successfully, the newly changed password must be distributed to all deployed applications on target machines, so that each application can use the newly changed password to login in an unattended mode. The easiest way to distribute changed passwords is to use the RedeployAllAppsForUser utility. See RedeployAllAppsForUser for details.
Domains Integrated with an LDAP Directory
If your administration domain is integrated with an LDAP directory, you can have both LDAP users and local users (users defined directly in TIBCO Administrator GUI). The password policy applies only to local users and does not apply to LDAP users.
Password Policy Choices
This section lists the password policies that can be applied to an administration domain using TIBCO Domain Utility. The password policy is set when a domain is created and can be changed later in the TIBCO Administrator GUI Users console.
No Policy
This choice allows an administration domain to be created with no policy enforced for passwords. This allows user accounts to be created in the TIBCO Administrator GUI without assigning passwords. If passwords are assigned, they will not expire. A user can attempt any number of logons without having the account locked out.
Default Policy
If selected, the following password policy is enforced. A password:
Normal Policy
This is not a selectable policy in TIBCO Domain Utility, but is provided as a password policy template file. See Custom Policy for information on finding this template file.
If you use this template file, the following password policy is enforced. A password:
Restrictive Policy
If selected, the following password policy is enforced. A password:
Custom Policy
You can provide a custom policy that is based on the password policy templates and schema file provided in the TIBCO_HOME/tra/version/config/security directory. After copying a template to another location and modifying it, click the ... icon and load the custom policy file. The file contents are written to the administration domain.

Copyright © TIBCO Software Inc. All Rights Reserved
Copyright © TIBCO Software Inc. All Rights Reserved