Passwords Properties

Operations	<<	>>

Passwords Properties

Use the Passwords property page to set multiple password policies. Multiple password policies prevent administrators from making changes to the KM server without the authorization of one or more other administrators. Multiple password policies enable a KM server site to specify the number of administrator passwords that are required to do the following tasks:

Add or delete KM server administrators.
Set multiple administrator passwords.
Recover user security keys.
Revoke user security keys.
Import or untrust another certification authority's certificate.

Getting to the Passwords property page

In the Administrator window, choose Configuration in the site where the KM server is located, and double-click CA.
In the Key Management Server Passwords box, type the advanced security administrator password, and then choose OK (if prompted).
Select the Passwords tab.

Setting Multiple Administrator Passwords

You set a multiple password policy to require one or more administrators to perform certain tasks on the KM server. For example, you can set your KM server so that the cooperation of three administrators is necessary to recover or revoke a user's security key.

The first time you access the Passwords property page, only one administrator's password is needed. The default user name is the name of the current administrator. All user names are entered manually.

After you set the initial multiple password policies, the Key Management Server Passwords dialog box reflects the password policies by showing the required number of user names and administrator passwords required to perform a task. You must choose Apply, OK, or Cancel before leaving the Passwords property page to update password policies.

Select the Passwords tab.
In the Key Management Server Passwords box, type the required number of advanced security administrator passwords, and then choose OK after each password.
Set the number of administrator passwords that must be entered for each option to perform advanced security tasks.

Option Description

Add administrators, delete administrators, or edit these multiple password policies Type the number of KM server administrators who will be required to add or delete administrators or to edit the Passwords property page. This number must be equal to or greater than the number of passwords required to perform the other tasks in the Administrators property page.

Recover a user's security keys Type the number of KM server administrators required to recover a user's security keys.

Revoke a user's security keys Type the number of KM server administrators required to revoke a user's security keys.

Import or untrust another Certification Authority's certificate Type the number of KM server administrators required to import or untrust a certificate from another certification authority.

Option	Description
Add administrators, delete administrators, or edit these multiple password policies	Type the number of KM server administrators who will be required to add or delete administrators or to edit the Passwords property page. This number must be equal to or greater than the number of passwords required to perform the other tasks in the Administrators property page.
Recover a user's security keys	Type the number of KM server administrators required to recover a user's security keys.
Revoke a user's security keys	Type the number of KM server administrators required to revoke a user's security keys.
Import or untrust another Certification Authority's certificate	Type the number of KM server administrators required to import or untrust a certificate from another certification authority.