•One of the key elements is password synchronization between our different systems. We do this with a password-change web page. The user connects to a secure web server over SSL; once they have been authenticated and their new password has passed the strength tests, the web server fetches the appropriate public key from our database and encrypts the new password with that public key.
•The encrypted password is then stored in the database in a change queue. A password change server running on another machine polls the change queue for password changes. When it finds one, it takes the entry, decrypts it, applies the change to the Windows domain controller, and then marks the change as done. The private key is stored on the password change server machine, not on the database machine.
•The secure web server actually encrypts the password several times with different keys and puts it into several queues, so that other password change servers, such as the one for our Oracle server, can change those passwords too.
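As an added example (not code from the original description), here is a Go sketch of the flow in the three points above: the web server encrypts the new password once per target system, a change server decrypts only its own rows with its own private key, and marks them done. It assumes an in-memory slice stands in for the database change queue, RSA-OAEP with the target name as label for the per-target encryption, and a caller-supplied apply function for the domain-controller or Oracle step.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// ChangeEntry is one row of the change queue (an in-memory slice stands in for the
// database here): target system, user, password encrypted to that target's key, done flag.
type ChangeEntry struct {
	Target, User string
	Ciphertext   []byte
	Done         bool
}

// Enqueue is the web server's step: one row per target, password encrypted with that target's public key.
func Enqueue(q *[]*ChangeEntry, user, pw string, pubs map[string]*rsa.PublicKey) error {
	for target, pub := range pubs {
		ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, []byte(pw), []byte(target))
		if err != nil {
			return err
		}
		*q = append(*q, &ChangeEntry{Target: target, User: user, Ciphertext: ct})
	}
	return nil
}

// Poll is one change-server pass: pending rows for its own target only, decrypted with its
// private key, handed to apply (the domain-controller or Oracle step), marked done.
func Poll(q []*ChangeEntry, target string, priv *rsa.PrivateKey, apply func(user, pw string) error) (int, error) {
	done := 0
	for _, e := range q {
		if e.Done || e.Target != target {
			continue
		}
		pw, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, e.Ciphertext, []byte(target))
		if err != nil {
			return done, err // wrong key or label: the row stays pending
		}
		if err := apply(e.User, string(pw)); err != nil {
			return done, err
		}
		e.Done = true
		done++
	}
	return done, nil
}

func main() {}
```

Because each change server holds only its own private key, a row encrypted for another target fails to decrypt and stays pending, which is the property the split between database machine and change server machine relies on.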