Password Management Supported Platforms
Built-in Connectors
P-Synch® comes with built-in connectors for the following types of platforms and supported systems:

| Platform type | Supported systems |
|---|---|
| Directories | LDAP (any), Active Directory, Windows NT domains, Novell eDirectory, Novell NDS, Unix NIS and NIS+, Kerberos/DCE (any) |
| File/print | Windows NT/2000/2003, Novell NetWare, OS2 LanManager, Samba |
| Mainframes | MVS / OS/390 / zOS, RACF, CA-ACF2, CA-TopSecret, VM/ESA, Siemens BS2000, Tandem NonStop, Unisys MCP |
| Unix | AIX, DGUX, Digital Unix, HPUX, IRIX, Linux, NCR, OSF4, SCO OS, Solaris, SunOS, Tru64, UnixWare, Unisys, passwd, shadow, Trusted Computing Base |
| Midrange | HP MPE, OS/400/iSeries, OpenVMS |
| Database | DB2/UDB, Informix, MSSQL, ODBC, Oracle, Sybase |
| ERP | SAP R/3 4.0+, PeopleSoft 7.5+, Oracle Applications 11i+, JDE OneWorld |
| Messaging | MS Exchange 5.5, MS Exchange 2000/03/07, Novell GroupWise, Lotus Domino/HTTP, Lotus Notes/ID files, HP OpenMail |
| WebSSO | IBM TAM, RSA ClearTrust, Entrust getAccess, CA SiteMinder, Oracle COREid, SAP portal |
| Flexible agents | API (application programming interface) integration, LDAP attributes, MQ Series, SQL commands, Telnet/TN3270/TN5250 sessions, Unix/Windows cmd-line integration, web forms, web services (SOAP, XML) |
| Hardware tokens and Smartcards | RSA SecurID, Secure Computing SafeWord, Vasco Digipass, GemPlus, Precise Biometrics |
| Miscellaneous | RADIUS (various), local and cached Windows passwords, Peregrine ServiceCenter, Remedy ARS, Clarify eFrontOffice, NAI Magic, Tivoli ADSM, IBM OLAP, IBM Tivoli Access Manager Connected Backup |

Flexible Agents Simplify New Integrations
P-Synch includes a number of flexible agents, each of which is programmable and can therefore be said to embody an SDK (software development kit). These agents allow organizations to integrate P-Synch with custom and vertical market applications quickly and with a minimum of programming or scripting.
Flexible agents expose a number of processes, including:
- Binding to an existing management API (application programming interface) (Java, Win32, Unix, COM, etc.).
- Screen-scraping Telnet, TN3270, TN5250, SSH and raw TCP socket connections.
- Navigating through web-based administration user interfaces over HTTP and HTTPS, with support for cookies, form parsing, redirects, etc.
- Executing arbitrary SQL code on Oracle, Sybase, MSSQL, DB2/UDB, Informix and other (ODBC) types of databases.
- Executing command-line administration programs on Unix (via local agent) and Win32 (on the P-Synch server).
- Manipulating arbitrary attributes in an LDAP directory.
- Posting updates to a web service (SOAP or other XML dialect over HTTP or HTTPS).
- Sending messages using MQ Series.
Organizations that wish to write a completely new agent to a custom or vertical market application may do so using whatever development environment they prefer (J2EE, .NET, Perl, etc.) and invoke it as a command-line or web service target using the appropriate P-Synch flexible agent.
An effort of 4 hours to 4 days is typically required to integrate P-Synch with a custom or vertical market application. This compares favorably with competitors' products, where a custom Java or other 3GL connector must be written from scratch, taking weeks or months and requiring the P-Synch administrator to have significant programming experience and the ability to learn how to use a new framework and API quickly.
Password Synchronization Triggers
Transparent password synchronization can be triggered from native password changes on any of the following systems:
- Windows NT compatible servers and domains (password filter DLL on servers or the PDC).
- Windows 2000, Windows 2003 servers and Active Directory domains (password filter DLL on servers and/or DCs).
- zOS, OS/390 and MVS mainframes with RACF, ACF2 or TopSecret security products (security exit in the LPAR with the security products).
- OS/400, iSeries servers.
- Unix servers (passwd program wrapper binary or PAM).
- Sun, Oracle and IBM LDAP servers (attribute change filter on the directory server).
Each of these triggers contacts the P-Synch server twice per password change, over an encrypted TCP/IP socket (shared key handshake, 128-bit AES encryption):
- First connection: validate password quality; if the user's choice of a new password violates policy, reject it and block the triggering password change.
- Second connection: initiate transparent password synchronization.
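
The ordering of the two connections, as an added sketch that is not P-Synch code and does not reproduce its wire protocol: the encrypted socket is replaced by in-process calls so the control flow can be run and tested. `SyncServer`, `native_password_change`, the policy rules and the target names are all hypothetical, and the rule that a failed native change suppresses synchronization is an assumption of the sketch.

```python
# Added illustration, not P-Synch code: the two connections are modelled as
# in-process calls. Names, policy rules and targets are hypothetical.
from dataclasses import dataclass, field


@dataclass
class SyncServer:
    """Stand-in for the central server a trigger contacts."""
    targets: tuple = ("ldap", "mainframe", "erp")  # constructed target list
    synced: dict = field(default_factory=dict)     # target -> users updated

    def validate(self, user, new_password):
        """First connection: (ok, reason) under an assumed quality policy."""
        if len(new_password) < 8:
            return False, "too short"
        if user.lower() in new_password.lower():
            return False, "contains user name"
        if not any(c.isdigit() for c in new_password):
            return False, "needs a digit"
        return True, "ok"

    def synchronize(self, user, new_password):
        """Second connection: record a push of the new password to each target."""
        for target in self.targets:
            self.synced.setdefault(target, set()).add(user)
        return list(self.targets)


def native_password_change(server, store, user, new_password, commit=None):
    """Order of operations for a trigger hooked into the native change path."""
    ok, reason = server.validate(user, new_password)       # connection 1
    if not ok:
        # Policy violation: the native change is blocked, nothing is synced.
        return {"changed": False, "synced": [], "reason": reason}

    def default_commit(u, _password):
        store[u] = store.get(u, 0) + 1   # change counter, no plaintext kept

    try:
        (commit or default_commit)(user, new_password)     # native change
    except OSError as exc:
        # Assumption of this sketch: a failed native change must not sync,
        # or the other systems would drift away from this one.
        return {"changed": False, "synced": [], "reason": f"native error: {exc}"}
    synced = server.synchronize(user, new_password)        # connection 2
    return {"changed": True, "synced": synced, "reason": "ok"}
```

The invariant to check in any such trigger is that synchronization is reachable only after both the policy check and the native change have succeeded.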







