IBM Security Verify


ISDS SSL vs password

  • 1.  ISDS SSL vs password

    Posted Thu June 08, 2023 10:10 AM


    Wondering about the following. Users are authenticated in our application by certificates attached to their LDAP entries. There is also a password associated, but the users never use it and are not even aware of it; they have no means of updating it. Is not a password sitting there a risk of some sort? Should not the password attribute be removed and password access be disabled? Don't know what best practice is or what's possible. Don't see anything specific about coordinating SSL and password access in doco; it just seems to be a case of enable SSL and forget about passwords?

    In other words shouldn't it be SSL setup or password setup but not both?