The mapping details are given in respective tables.
To meet SAS-70 certification requirement,the following criteria need to be met:
While migrating the CEE password settings to CTF, if the CEE setting is more liberal than the SAS-70 requirement, the SAS-70 minimum requirement setting is chosen; otherwise the CEE setting is taken.
Here's how the CTF site's password settings are selected:
This table shows the mapping of CEE's Host or Domain Configure settings to CTF 16.7's "runtime-options.conf" file.
| CEE's Host or Domain Configure Settings | CTF 16.7 Tokens | Comments |
|---|---|---|
| Size of user's password history | PASSWORD_HISTORY_AGE | The CEE value is transferred to CTF 16.7. |
| Authentication failures before lockout | LOGIN_ATTEMPT_LOCK | When the CEE value is "0", the CTF 16.7 value is set to "5", else the same CEE value is transferred. |
| Minimum password length | MINIMUM_PASSWORD_LENGTH | The CEE value is transferred to CTF 16.7. |
| Allow user join | DISABLE_USER_SELF_CREATION | When the CEE value is "true", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Project path separator string | PROJECT_PATH_SEPARATOR | The CTF 16.7 value is hard coded to ">". |
| Suppress gathering of full name and organization | INCLUDE_ORGANIZATION_USER_FIELD | When the CEE value is "true", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Users can edit own organizations | ORGANIZATION_EDITABLE | The CEE value is transferred to CTF 16.7. |
| Number of required character classes | PASSWORD_REQUIRES_MIXED_CASE | When the CEE value is "<=1" or "2", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Number of required character classes | PASSWORD_REQUIRES_NON_ALPHANUM | When the CEE value is "<=1" or "2" or "3", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Number of required character classes | PASSWORD_REQUIRES_NUMBER | When the CEE value is "<=1", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Reject passwords based on dictionary words | ALLOW_PASSWORD_DICTIONARY_WORD | When the CEE value is "true", the CTF 16.7 value is set to "false"; else it is set to "true". |
| Password ticket expiration period for non-admins (days) | ACTIVATION_CODE_TIMEOUT | When the CEE value is "<=0", then set the CTF 16.7 value as 336. CEE value is multiplied by 24 (converting days to hours); else the same CEE value is transferred. |
| Password ticket expiration period for non-admins (days) | INITIAL_PASSWORD_CHANGE_ACTIVATION_CODE_TIMEOUT | When the CEE value is "<=0", then set the CTF 16.7 value as 336. CEE value is multiplied by 24 (converting days to hours); else the same CEE value is transferred. |
| Allow guest access/Allow anonymous access to domain home | ALLOW_ANONYMOUS_ACCESS_TO_DOMAIN_HOME | When either of the CEE values is "true", the CTF 16.7 value is set to "true"; else it is set to "false". |
This table shows the mapping of CEE's Host or Domain Configure settings to CTF 16.7's "/etc/ctf-pass.conf" file:
| CEE's Host or Domain Configure Settings | CTF 16.7 Properties | Comments |
|---|---|---|
| Password expiration period for non-admins (days) | history.age | The CEE value is transferred to CTF 16.7. |
| Users with non-expiring password | special.users | Same CEE value must be added to the existing users of CTF 16.7. |
| Password expiry warning period (days) | history.warn | The CEE value is transferred to CTF 16.7. |