Overview of Transparent Password Synchronization
Bravura Pass can extend the native password management on selected types of systems with transparent password synchronization. When this is implemented on a trigger system:
Native password changes on the trigger system are subjected to the Bravura Pass password policy, and may be rejected on that basis.
Successful password changes trigger automatic password synchronization for other accounts, on other systems, that belong to the same user.
Transparent password synchronization can be triggered from native password changes on any of the following systems:
Windows 2016/2019/2022/2025 servers and Active Directory domains (password filter DLL on servers and/or DCs).
z/OS mainframes with RAC/F, ACF2 or TopSecret security products (security exit in the LPAR with the security products).
OS/400, iSeries servers.
Unix/Linux servers (passwd program wrapper binary).
Sun/Oracle and IBM LDAP servers (attribute change filter on the directory server).
Each of these triggers contacts the Bravura Pass server twice per password change, over an encrypted TCP/IP socket (shared key handshake, 256-bit AES encryption):
First connection: validate password quality; on a policy violation, reject the user's choice of a new password and block the triggering password change.
Second connection: initiate transparent password synchronization.
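The two-connection flow above, modelled as an added example (not Bravura Pass code): the trigger validates the new password before the native change commits, and requests synchronization only after it succeeds. The class names, the sample policy rules and the in-memory "server" are hypothetical stand-ins for the encrypted socket exchange.

```python
# Added illustration, not Bravura Pass code. Every name here is hypothetical.
from dataclasses import dataclass, field


@dataclass
class PolicyServer:
    """In-memory stand-in for the server the trigger contacts."""
    min_length: int = 12                           # constructed sample policy
    accounts: dict = field(default_factory=dict)   # user -> other systems
    synced: list = field(default_factory=list)     # (user, system) pairs
    log: list = field(default_factory=list)        # order of connections

    def validate(self, user, new_password):
        """First connection: policy check that may reject the change."""
        self.log.append(("validate", user))
        if len(new_password) < self.min_length:
            return False, "too short"
        if user.lower() in new_password.lower():
            return False, "contains user name"
        return True, "ok"

    def synchronize(self, user, new_password):
        """Second connection: push the new password to the other accounts."""
        self.log.append(("synchronize", user))
        targets = self.accounts.get(user, [])
        self.synced.extend((user, system) for system in targets)
        return len(targets)


class TriggerSystem:
    """Native password-change path with the trigger installed."""
    def __init__(self, server):
        self.server = server
        self.committed = []        # users whose native change went through

    def change_password(self, user, new_password):
        ok, reason = self.server.validate(user, new_password)
        if not ok:
            # Rejected: the native change is blocked, no second connection.
            return {"changed": False, "reason": reason, "synced": 0}
        self.committed.append(user)                # native change commits
        count = self.server.synchronize(user, new_password)
        return {"changed": True, "reason": reason, "synced": count}


def demo():
    server = PolicyServer(accounts={"alice": ["ldap", "zos"]})  # constructed
    trigger = TriggerSystem(server)
    rejected = trigger.change_password("alice", "short")
    accepted = trigger.change_password("alice", "correct-horse-battery")
    return rejected, accepted, server.log
```

The returned log shows two validations but only one synchronization, because the rejected change never reaches the second connection.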