Password Synchronization Manager Basic Concepts
  • 30 Sep 2024

To track password change requests, Password Synchronization Manager is loaded by the Local Security Authority (LSA) under the SYSTEM account. LSA triggers the password filter whenever a password change is requested, and the filter can accept the request or reject it, which prevents the password from being changed.

The password filter synchronizes passwords by propagating the password change requests to the OneSpan Authentication Server environment via SEAL. SEAL is a proprietary TCP/IP-based protocol used by OneSpan Authentication Server.

If your organization is impacted by the General Data Protection Regulation (GDPR), you need to secure the communication between Password Synchronization Manager (PSM) and OneSpan Authentication Server via SSL to be GDPR-compliant. Each OneSpan Authentication Server configuration can be updated to use encrypted communication via the Use SSL option in the password filter configuration of the PSM Remote Configuration Manager.

For more information about GDPR, refer to the OneSpan Authentication Server General Data Protection Regulation Compliance Guide.

Synchronization mode

The synchronization mode determines how the password filter communicates with and propagates password change requests to OneSpan Authentication Server instances.

Password Synchronization Manager provides two synchronization modes:

  • asynchronous

  • synchronous

Asynchronous mode

The password change request is queued and propagated asynchronously to OneSpan Authentication Server. The domain controller triggers the password filter, which queues the password request and returns an accept message immediately. Afterward, the domain controller changes the domain password while the password filter concurrently propagates the password change to OneSpan Authentication Server. If the OneSpan Authentication Server instance is offline, the password synchronization is delayed and retried as soon as the server is available again.

Advantages

  • Domain controller is not blocked during password synchronization

  • High performance at high load

  • Fault tolerance

Disadvantages

  • Delayed password synchronization

Synchronous mode

The password change request is propagated to OneSpan Authentication Server immediately, and the domain controller is blocked while it waits for the password synchronization to succeed. If the OneSpan Authentication Server instance is offline, the password change fails.

Advantages

  • Immediate password synchronization

Disadvantages

  • Domain controller is blocked during password synchronization

  • Reduced performance at high load

  • No fault tolerance
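
The two modes side by side, as an added Python model that is not OneSpan code and not part of the original page. `AuthServer`, `PasswordFilter`, `change_password` and `out_of_sync` are hypothetical names, the SEAL exchange is replaced by a plain method call, and all account data is constructed.

```python
from collections import deque

class AuthServer:
    """Stand-in for a OneSpan Authentication Server instance (assumed model)."""
    def __init__(self):
        self.online, self.passwords = True, {}
    def set_password(self, user, password):
        if not self.online:
            raise ConnectionError("server offline")
        self.passwords[user] = password

class PasswordFilter:
    def __init__(self, server, mode):
        if mode not in ("asynchronous", "synchronous"):
            raise ValueError(mode)
        self.server, self.mode = server, mode
        self.pending = deque()  # queued requests (asynchronous mode only)

    def on_change_request(self, user, password):
        """Return True to accept the change, False to reject it."""
        if self.mode == "asynchronous":
            self.pending.append((user, password))
            return True  # accept immediately, propagate later
        try:
            self.server.set_password(user, password)  # caller is blocked here
            return True
        except ConnectionError:
            return False  # server offline: the password change fails

    def flush(self):
        """Retry queued requests in order; return how many are still queued."""
        while self.pending:
            try:
                self.server.set_password(*self.pending[0])
            except ConnectionError:
                break  # still offline, keep the request for the next retry
            self.pending.popleft()
        return len(self.pending)

def change_password(domain, pw_filter, user, password):
    """Domain controller side: change the password only if the filter accepts."""
    if not pw_filter.on_change_request(user, password):
        return False
    domain[user] = password
    return True

def out_of_sync(domain, server):
    """Users whose domain password has not yet reached the server."""
    return sorted(u for u, p in domain.items() if server.passwords.get(u) != p)
```

In asynchronous mode `out_of_sync` is non-empty between the accepted change and the successful retry, which is the delayed synchronization listed as that mode's disadvantage.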

