Integration details
To implement transparent password synchronization, special software is installed on the trigger system to monitor password changes and test the strength of new password choices. This software communicates with the Password Manager service on the Bravura Pass server, using an encrypted TCP socket connection.
Although RSA Authentication Manager 7.1/8.2 servers are not capable of being triggers, transparent synchronization can reset PINs, as long as alpha-numeric PINs are allowed on the RSA Authentication Manager 7.1/8.2 server.
Transparent password synchronization involves the following software:
Integration sub-system | Purpose |
|---|---|
Password Manager service ( | This service works in conjunction with trigger programs and libraries on various systems. Over a secure, encrypted TCP connection, the service evaluates a new password selected by a user, determines whether it should be accepted, and if so, synchronizes the password to a new value on all systems where the user has a login account. |
Password Change Notification Module | The |
Password replacement program ( | The Bravura Security password replacement program ( |
LDAP password filter plugin ( | The |
OS/400 exit program | Intercepts password changes on IBM OS/400 and propagates them to the Bravura Security Fabric server for policy validation and to initiate transparent synchronization. |
Software add-ons for Windows-based and os/400 trigger systems are shipped with Bravura Security Fabric and installed in the addon/transparent-synch directory. Software for Unix-based trigger systems is shipped with Connector Pack. The location depends on whether you install a global or instance-specific connector pack. The OS/390 trigger software is shipped with Mainframe Connector.
Optionally, you can enable the Password synchronization registration (PSR) module to educate users and enforce registration for transparent password synchronization.
Warning
If using load balancers, do not configure any SSL options for transparent synchronization traffic. SSL options should only be configured on load balancers for WebUI traffic, not transparent synchronization. Transparent synchronization is encrypted using a proprietary encryption algorithm. Contact support@bravurasecurity.com for more details.