I'd like to know:
- How are user passwords stored in Active Directory?
- How are admin passwords stored in my Active Directory?
CA Single Sign-On does not store the passwords itself; Active Directory
does. When you use Password Services and request that users change
their password, CA Single Sign-On performs an LDAP bind with the user's
credentials and asks Active Directory to modify the password, using the
attributes you mapped when defining the User Directory. Active Directory
then decides how to store the password.
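The following added example (not CA Single Sign-On code and not from the original article) sketches the bind and modify steps of a user-driven password change as an LDAP client would submit them. It assumes the mapped password attribute is Active Directory's `unicodePwd` and that the connection uses LDAPS; the function names, host and DN are hypothetical.

```python
"""Added sketch: shape of a user-driven Active Directory password change over LDAP."""
from urllib.parse import urlparse

# Assumption: the password attribute mapped in the User Directory is AD's unicodePwd.
PASSWORD_ATTR = "unicodePwd"


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects the value wrapped in double quotes and encoded as UTF-16LE."""
    return ('"' + password + '"').encode("utf-16-le")


def plan_self_service_change(url: str, user_dn: str, old: str, new: str) -> dict:
    """Return the data an LDAP client would submit; nothing is sent."""
    if urlparse(url).scheme.lower() != "ldaps":
        # AD refuses unicodePwd writes on an unencrypted connection. StartTLS or
        # SASL sealing would also qualify; this sketch accepts LDAPS only.
        raise ValueError("password changes require an encrypted LDAP connection")
    return {
        # Step 1: simple bind with the user's own DN and current password.
        "bind": {"dn": user_dn, "password": old},
        # Step 2: one modify carrying delete(old) + add(new). That pair is a
        # password *change*; a single replace would be an administrative *reset*.
        "modify": {
            "dn": user_dn,
            "changes": [
                ("delete", PASSWORD_ATTR, [encode_unicode_pwd(old)]),
                ("add", PASSWORD_ATTR, [encode_unicode_pwd(new)]),
            ],
        },
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    plan = plan_self_service_change(
        "ldaps://dc01.example.test:636",
        "CN=Jane Doe,OU=Staff,DC=example,DC=test",
        "Old-Passw0rd!", "New-Passw0rd!",
    )
    for op, attr, values in plan["modify"]["changes"]:
        print(op, attr, values[0].hex())
```

The client only ever sends the quoted UTF-16LE value; how that value is hashed and stored afterwards is decided by Active Directory.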
For more information, see the following:
- SSO - Basic Password service integration with Active Directory
- Tech Tip - CA Single Sign-On: Policy Server: Read Password Blob Utility

And about encryption:
- Using FIPS-Compliant Algorithms
- FIPS 140-2 Algorithms
KB : KB000096310