The SIF driver can synchronize passwords between eDirectory and the Zone if the SIF driver and the Zone are using SIF Specification 1.5r1 or later. To synchronize passwords with eDirectory properly, you must be familiar with "Password Synchronization across Connected Systems" in the Novell Nsure Identity Manager 2 Administration Guide. There are two prompts in the SIF driver's Global Configuration Variables (GCVs) that control password sharing with SIF. Set these two prompts to True if you want to synchronize or share passwords.
If set to True, the SIF driver sends user passwords in eDirectory to the Zone. Passwords are sent as SIF Authorization objects. Other SIF-enabled applications can subscribe to the Zone to receive the passwords.
You would set this parameter to True when other SIF-enabled applications want to use the user's network password. When a Distribution Password is set for a new user or when a Distribution Password is changed in eDirectory, the Novell SIF driver sends a SIF Authorization object containing the password to the Zone.
If set to True, the SIF driver sets user passwords in eDirectory to the passwords received from the Zone. The passwords are received as SIF Authorization objects. The passwords are published to the Zone by other SIF-enabled applications.
You would set this parameter to True if you want the network password to be generated by another SIF-enabled application. For example, you have a SIF-enabled application in the Zone that generates a password for each user. When the Novell SIF driver receives the password in a SIF Authorization object, the corresponding user's eDirectory password is set to this value.
If this parameter is set to True, we recommend that the Novell SIF driver also be configured to set an initial password for each new user. There might be a delay between the creation of the user account and the receipt of the password, and it is best to make sure the account is protected by a password at all times.