Monday, March 31, 2014

Set pre-defined Challenge Questions for use with Lost Password Management

In COREid, when configuring an attribute with the Semantic Type of Challenge, the only option for Display Type is Single-line Text. In order to set pre-defined challenge questions:

  1. Change the Semantic Type back to None

  2. Set the Display Type to Selection Menu, and add an option for each of the pre-defined questions

  3. Through an LDAP browser or LDAP import tool, locate the attribute definition (obattr=[attribute name],obclass=[user object class],o=Oblix,[COREid Configuration Container]) and add the value ObSChallenge for the attribute obsemantictype

  4. Restart the Identity Server
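As an added example for step 3 (not from the original post), a small POSIX shell helper that builds the LDIF change record for the COREid attribute definition and checks an ldapsearch result for the ObSChallenge value. The attribute name genChallengePhrase, object class inetOrgPerson, configuration container ou=Oblix,dc=example,dc=com and the directory host are assumed placeholders.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds and checks the
# LDAP change described in step 3. All names below are assumed placeholders.
set -eu

ATTR="${ATTR:-genChallengePhrase}"        # assumed: the challenge attribute
OBJCLASS="${OBJCLASS:-inetOrgPerson}"     # assumed: the user object class
CONFIG_CONTAINER="${CONFIG_CONTAINER:-ou=Oblix,dc=example,dc=com}"  # assumed

# Print the DN of the attribute definition:
# obattr=[attribute name],obclass=[user object class],o=Oblix,[COREid Configuration Container]
attr_dn() {
  printf 'obattr=%s,obclass=%s,o=Oblix,%s\n' "$1" "$2" "$3"
}

# Emit an LDIF modify record adding ObSChallenge to obsemantictype.
# Note: if the entry already carries a value for obsemantictype, an
# "add" may be rejected and "replace: obsemantictype" is needed instead.
challenge_ldif() {
  printf 'dn: %s\nchangetype: modify\nadd: obsemantictype\nobsemantictype: ObSChallenge\n' \
    "$(attr_dn "$1" "$2" "$3")"
}

# Return 0 if an LDIF entry read from stdin carries obsemantictype: ObSChallenge.
has_challenge_semantic() {
  grep -iq '^obsemantictype: ObSChallenge$'
}

# Against a live directory (OpenLDAP client tools; host and bind DN are assumed):
#   challenge_ldif "$ATTR" "$OBJCLASS" "$CONFIG_CONTAINER" \
#     | ldapmodify -H ldap://directory.example.com -D "$BIND_DN" -W
#   ldapsearch -LLL -H ldap://directory.example.com -D "$BIND_DN" -W \
#     -b "$(attr_dn "$ATTR" "$OBJCLASS" "$CONFIG_CONTAINER")" -s base obsemantictype \
#     | has_challenge_semantic && echo "ObSChallenge set; restart the Identity Server"
```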

Pre-defining challenge questions can increase security by forcing users to answer only approved questions (as opposed to creating their own in free-form text). This lets administrators choose questions whose answers cannot easily be obtained through social engineering, and avoid questions with common answers. Since the user's password can be reset by correctly answering a displayed question, a weak challenge response is a greater security risk than a weak password.
