The mapping details are given in respective tables.
To meet SAS-70 certification requirement,the following criteria need to be met:
While migrating the CEE password settings to CTF, if the CEE setting is more liberal than the SAS-70 requirement, the SAS-70 minimum requirement setting is chosen; otherwise the CEE setting is taken.
Here's how the CTF site's password settings are selected:
This table shows the mapping of CEE's Host or Domain Configure settings to CTF 17.4's "runtime-options.conf" file.
CEE's Host or Domain Configure Settings | CTF 17.4 Tokens | Comments |
---|---|---|
Size of user's password history | PASSWORD_HISTORY_AGE | The CEE value is transferred to CTF 17.4. |
Authentication failures before lockout | LOGIN_ATTEMPT_LOCK | When the CEE value is "0", the CTF 17.4 value is set to "5", else the same CEE value is transferred. |
Minimum password length | MINIMUM_PASSWORD_LENGTH | The CEE value is transferred to CTF 17.4. |
Allow user join | DISABLE_USER_SELF_CREATION | When the CEE value is "true", the CTF 17.4 value is set to "false"; else it is set to "true". |
Project path separator string | PROJECT_PATH_SEPARATOR | The CTF 17.4 value is hard coded to ">". |
Suppress gathering of full name and organization | INCLUDE_ORGANIZATION_USER_FIELD | When the CEE value is "true", the CTF 17.4 value is set to "false"; else it is set to "true". |
Users can edit own organizations | ORGANIZATION_EDITABLE | The CEE value is transferred to CTF 17.4. |
Number of required character classes | PASSWORD_REQUIRES_MIXED_CASE | When the CEE value is "<=1" or "2", the CTF 17.4 value is set to "false"; else it is set to "true". |
Number of required character classes | PASSWORD_REQUIRES_NON_ALPHANUM | When the CEE value is "<=1" or "2" or "3", the CTF 17.4 value is set to "false"; else it is set to "true". |
Number of required character classes | PASSWORD_REQUIRES_NUMBER | When the CEE value is "<=1", the CTF 17.4 value is set to "false"; else it is set to "true". |
Reject passwords based on dictionary words | ALLOW_PASSWORD_DICTIONARY_WORD | When the CEE value is "true", the CTF 17.4 value is set to "false"; else it is set to "true". |
Password ticket expiration period for non-admins (days) | ACTIVATION_CODE_TIMEOUT | When the CEE value is "<=0", then set the CTF 17.4 value as 336. CEE value is multiplied by 24 (converting days to hours); else the same CEE value is transferred. |
Password ticket expiration period for non-admins (days) | INITIAL_PASSWORD_CHANGE_ACTIVATION_CODE_TIMEOUT | When the CEE value is "<=0", then set the CTF 17.4 value as 336. CEE value is multiplied by 24 (converting days to hours); else the same CEE value is transferred. |
Allow guest access/Allow anonymous access to domain home | ALLOW_ANONYMOUS_ACCESS_TO_DOMAIN_HOME | When either of the CEE values is "true", the CTF 17.4 value is set to "true"; else it is set to "false". |
This table shows the mapping of CEE's Host or Domain Configure settings to CTF 17.4's "/etc/ctf-pass.conf" file:
CEE's Host or Domain Configure Settings | CTF 17.4 Properties | Comments |
---|---|---|
Password expiration period for non-admins (days) | history.age | The CEE value is transferred to CTF 17.4. |
Users with non-expiring password | special.users | Same CEE value must be added to the existing users of CTF 17.4. |
Password expiry warning period (days) | history.warn | The CEE value is transferred to CTF 17.4. |