Use the Passwords property page to set multiple password policies. Multiple password policies prevent administrators from making changes to the KM server without the authorization of one or more other administrators. Multiple password policies enable a KM server site to specify the number of administrator passwords that are required to do the following tasks:
You set a multiple password policy to require one or more administrators to perform certain tasks on the KM server. For example, you can set your KM server so that the cooperation of three administrators is necessary to recover or revoke a user's security key.
The first time you access the Passwords property page, only one administrator's password is needed. The default user name is the name of the current administrator. All user names are entered manually.
After you set the initial multiple password policies, the Key Management Server Passwords dialog box reflects the password policies by showing the required number of user names and administrator passwords required to perform a task. You must choose Apply, OK, or Cancel before leaving the Passwords property page to update password policies.
|Add administrators, delete administrators, or edit these multiple password policies||Type the number of KM server administrators who will be required to add or delete administrators or to edit the Passwords property page. This number must be equal to or greater than the number of passwords required to perform the other tasks in the Administrators property page.|
|Recover a user's security keys||Type the number of KM server administrators required to recover a user's security keys.|
|Revoke a user's security keys||Type the number of KM server administrators required to revoke a user's security keys.|
|Import or untrust another Certification Authority's certificate||Type the number of KM server administrators required to import or untrust a certificate from another certification authority.|