Usage: Use the Password Cache table to manage entries in the password cache.
Description
The Passwords tab lists all password cache entries for the SGD array.
Use the New button to add a password cache entry, using the Create New Password Cache Entry page.
Use the Edit button to edit an entry in the password cache, or the Delete button to remove an entry from the password cache.
Use the Reload button to refresh the Password Cache table.
Use the Search field to search
for entries in the Password Cache table. You can use the
* wildcard in your search string. Entering a
search string of name is equivalent to
searching for
*name*
and returns any match of the search string. The number of results
returned by a search is limited to 150, by default.
Command Line
On the command line, use the tarantella passcache commands to list, add, and delete password cache entries. See Section D.59, “tarantella passcache”.
When you create a new password cache entry, it is important that you enter a valid name in the User Identity or Server fields on the Create New Password Cache Entry page. The Administration Console supports several ways that you can enter a name in the User Identity or Server field, as follows:
Browse button. If the selected User Identity Type option is Local or LDAP/Active Directory, you can use the Browse button next to the User Identity or Server field to browse for object names. Using the Browse button in this way avoids errors when entering object names.
Full Name. Enter the full name into the field. For example, you can enter the fully qualified name for an application server from the local repository as follows:
.../_ens/o=appservers/cn=boston
Partial Name. Enter a partial name, without the namespace prefix, in the field. Depending on the selected User Identity Type option, the Administration Console adds the relevant namespace prefix when the password cache entry is saved.
For example, if you select UNIX (User/Groups) as the User Identity Type and enter
o=organization/cn=Indigo Jonesin the field, the Administration Console creates the password cache entry using the name.../_user/o=organization/cn=Indigo Jones.The Administration Console adds the
.../_usernamespace prefix when the password cache entry is saved.The following table shows the namespace prefixes that the Administration Console adds for the selected User Identity Type option.
User Identity Type
Namespace Prefix
Local
.../_ensUNIX (User/Groups)
.../_userWindows Domain Controller
.../_wnsLDAP/Active Directory
.../service/sco/tta/ldapcacheSecurID
.../service/sco/tta/securidAnonymous
None
Third Party
.../service/sco/tta/thirdpartyIf you specify a partial name in the Server field, the Administration Console adds the
.../_ens/o=appserversnamespace prefix when the password cache entry is saved.
LDAP names must be entered using the SGD naming format. The following example shows a partial name for a user identity from an LDAP repository:
dc=com/dc=example/cn=indigo-jones
This name is converted to the correct LDAP format when the password cache entry is saved, as follows:
.../_service/sco/tta/ldapcache/cn=indigo-jones,dc=example,dc=com
When you create a new password cache entry using the Create New Password Cache Entry page, you specify a Password Type. The Password Type setting is used by SGD to organize passwords in the password cache.
The following table describes the supported Password Types.
Password Type | Description |
|---|---|
Standard | Default type of password cache entry. |
SSO | Password is used for single sign-on authentication. |
Persistent | Password cannot be deleted from the cache by the user, regardless of the user's password preferences setting. When forced authentication is used, the password cache entry is overwritten with the supplied credentials. |
The Scope column in the Password Cache table shows the applicable password preferences setting, when the password was saved in the cache.
A password scope of Always Cache is shown as a blank entry in the Scope column.
The System Default Password Cache Level attribute determines the default password scope for an array. See Section A.1.3, “System Default Password Cache Level”.
Users may be able to override the default value, using the Password Preferences tab on their workspace. See Section 4.7.3.2, “User Management of the Password Cache” for details.