Courion Now Supports OS/400 with Password Software

by Alex Woodie

PasswordCourier allows users to change forgotten passwords and synchronize the passwords they use to access multiple applications, enabling single sign-on capabilities. To change a password, users must be authenticated by PasswordCourier, which involves correctly answering up to five challenge questions that the user specified during the preliminary setup session. Before granting the password change, the software compares the user's new password against a dictionary of easily guessed or weak passwords. If for some reason the authentication fails, the software has the capability to automatically notify the help desk by creating a problem ticket.

Courion says giving users the capability to change their own passwords helps to reduce the number of calls to the help desk, thereby reducing the help desk workload and reducing expenses. Requests for forgotten passwords account for 25 to 40 percent of all calls to the help desk, and each password that needs to be reset costs the company between $14 and $28, according to research from Gartner.

For systems administrators, PasswordCourier provides a range of automated logging features and systems for controlling password policies. The software keeps track of user activity in the system and automatically logs the name, title, location, phone number, and e-mail address of users attempting to change their passwords or settings. It also tracks the time of day, the duration, the status, and the type of password event. Password policies can be applied to individual users, or groups of users, and can specify that stronger passwords be applied to certain levels of users such as power users.

The software can be set to lock out users who fail to enter a correct password after a certain number of attempts, and can be configured to automatically notify the help desk of these events. PasswordCourier can be configured to work with help desk applications; Courion says it has closely integrated its software with the Remedy Action Request System, recently acquired by Peregrine Systems; the Peregrine Service Center; the Clarify Clearhelpdesk, which in November was sold by Nortel Networks to Amdocs; and the PeopleSoft CRM Help Desk.

The Password Management Module for OS/400 agent uses OS/400 APIs to access the log-in parameters of AS/400 or iSeries users and communicates with the Windows-based PasswordCourier over TCP/IP. Passwords are not exposed during transmission because communication between Web browsers, agent software, and PasswordCourier is protected through 3DES encryption and SSL.

The Password Management Module for OS/400 is the latest addition to the PasswordCourier suite and joins a staff of 19 other agents. Courion says it uses native APIs in its agents whenever possible, giving it an advantage over other password reset systems that run scripts on target machines. Other PasswordCourier agents support Microsoft Windows 95/98/NT/2000 and Windows Active Directory; the Oracle, Sybase, and SQL Server database systems; OS/390 RACT, CA-ACF, and CA-Top Secret security technologies; Novell Netware Bindery and Novell Director Services; the AIX, HP- UX, and Solaris UNIX operating systems; the iPlanet Directory Server; IBM Lotus Notes; the R/3 and mySAP.com enterprise applications, from SAP; the RSA SecurID authentication system, from RSA Security; and the Remedy ARS help desk application, recently acquired by Peregrine.

Password management has been a hot topic of late, and has been buoyed by the renewed interest in security software in general. Several software vendors in the OS/400 space have recently announced products that enable users to reset their own passwords and synchronize the passwords they use. For example, elsewhere in this issue, you can read about a new password management solution from SafeStone Technologies called AxcessIT Web, which enables users to access multiple applications from a single gateway.

Also in the last month, PentaSafe Security Technologies started shipping VigilEnt User Manager/Password Management 1.0, which provides similar, cross- platform functionality. The first password reset and synchronization software that supported OS/400 (as well as other platforms) was unveiled by Proginet more than a year ago.