In an environment consisting of diverse systems running different operating systems, it is common for one individual to have a separate account on each system, each with its own password. For security reasons, the user may be required to change their password every 30 to 90 days on each of these systems. These password changes are time-consuming and error-prone, and forgotten passwords lead to user frustration and lost productivity.
One of PARSEC Group's customers had 60 individual systems in a network, with a corporate security policy requiring that passwords be changed every 30 days. The System Managers had to spend nearly 1 hour every month doing nothing but password changes for their own accounts, and the time lost helping other users came on top of that. One solution to this issue is to provide a common point of authentication for all the systems.
Centralized management of passwords provides benefits to users and administrators. These include:
- Reducing password fatigue (the act of keeping up with a large number of passwords) for the users
- Decreasing the number of IT help desk calls dealing with forgotten passwords
- Cutting IT costs and increasing production due to less time being spent maintaining passwords
- Centralizing the enforcement of password policies and possibly other security policies
Lightweight Directory Access Protocol (LDAP) is a standard for providing quick lookup of information that is updated relatively infrequently. Many environments use LDAP servers to maintain account information, including passwords, and client systems authenticate users against those servers. Most enterprise operating systems can be configured as an LDAP client, giving users a single source of authentication and a single password each. PARSEC Group can configure an LDAP server and configure the client systems to use it for authentication.
Active Directory is an authentication server for Microsoft Windows domains that is based on the LDAP protocol. In environments that use it, other systems may be configured to authenticate users against your domain controllers. These systems include OpenVMS, Tru64 UNIX, HP-UX, AIX, Oracle Solaris, and Linux (Red Hat and SUSE). Once configured, each user who has an account on the Microsoft Windows domain and an account on the configured systems may log in to the configured systems with the same password they use in Microsoft Windows. If they change their Microsoft Windows password, that also changes their password for the non-Microsoft Windows systems.
Kerberos is a network authentication protocol designed to provide secure authentication over a non-secure network. PARSEC Group can set up and configure a Kerberos server and configure your OpenVMS and UNIX-based operating systems to use that server for authentication. As with LDAP and Active Directory, this provides the users with a single server maintaining a single password for the enterprise.
Single Sign-On (SSO) is the ability to log into one system or domain and use that authentication to gain access to resources or other systems. Beyond the benefits of a centralized authentication server, SSO provides these additional benefits:
- Reduces time spent by users entering usernames and passwords
- Reduces phishing success since users are not entering their passwords as frequently
OpenVMS may be customized to honor the authentication already done by other OpenVMS and non-OpenVMS systems. Call us today to find out how we can create a customized solution for your environment.