Changing passwords when a security officer leaves, Multiple credentials procedures, Configuring the multiple credentials feature – HP Secure Key Manager User Manual
Page 66: Granting credentials, Revoking a credential grant, Remote administration procedures, Enabling the web admin user authentication feature
2.
Navigate to the Password Settings for Local Administrators section of the Administrator Configuration
page (Device Configuration > Administrators > Password Management).
3.
Click Edit.
4.
To enable password expiration, enter the Maximum Password Age in the Password Expiration field.
When an administrator’s password reaches this age, the administrator will be forced to create a
new password.
5.
To enable password history, enter the Num Passwords to Remember in the Password History field.
When creating a new password, an administrator cannot use a value that exists in their password
history.
NOTE:
The password history is only consulted when administrators attempt to change their own
passwords. It is not checked when one administrator changes another’s password.
6.
Enter the Minimum Password Length.
7.
Specify if the password must contain at least one lower case letter, upper case letter, number, or
special character, or some combination of these values.
8.
Click Save.
Changing passwords when a security officer leaves
In the event of a security officer personnel change, immediately change the passwords for administrator
accounts, user accounts, and backups in order to protect integrity of the SKM system and the data
protected by the encryption keys. This procedure should be handled quickly but deliberately, so that
access to the SKM configuration is secured but not in a haphazard manner. It is best to have a
documented procedure in place to handle such a situation. One possible procedure is the following:
1.
Delete the former security officer’s administrator account immediately, then create a new
administrator account with the same permissions but a different account name. Have the replacement
security officer use the new account.
NOTE:
The account must be deleted because It is not possible for administrators to change another
administrator’s password on the SKM.
2.
Have each remaining security officer change their administrator account password, preferably with
at least one other security officer present to witness the password change.
3.
Change the user account passwords on both the SKM and the enrolled clients, again with at least
one other security officer present. Because this may interrupt the ability of the library to retrieve
keys during the change and verification, this should be done outside the backup window at the
earliest convenience.
4.
Change the backup job passwords for each SKM in the configuration. Remember that if an
automated script is being used to run the backup jobs, the password information will have to be
changed in the script, as well.
Multiple credentials procedures
Configuring the multiple credentials feature
To configure the multiple credentials feature:
1.
Log in to the Management Console as an administrator with High Access Administrators access
control.
66
Performing configuration and operation tasks