Synchronizing Enhanced Password and NDS password
Novell Cool Solutions: Feature
Digg This -
Posted: 15 Oct 2003
Enhanced Passwords allow the administrator to force user passwords to conform to a pre-defined policy specifying minimum and maximum length, number of letters and numeric and special characters, excluded passwords, etc.
Here is how you synchronize your NDS and Enhanced Passwords.
- In ConsoleOne, open the security container, authorized login methods, and then properties of Enhanced password.
- Click on Password Policy, Restrictions, and check the box for "Allow synchronization to Novell Directory Services password."
- Still in ConsoleOne, open the container where the desired users reside, highlight the users, right click and choose "Properties of multiple objects."
- Go to the Restrictions, Password Restrictions page and uncheck the box for "Allow user to change password". This will prevent users from being able to change their NDS password.
- To force users to change their enhanced password on the next login, go to Login Methods, Enhanced Password, and check the box for "Force Password Change."
- The next time the user logs in using the enhanced password method the change password dialog box will appear. Check the box for "Change NDS Password." The NDS password will be changed to match the new Enhanced password. (SEE NOTE)
After applying the steps above, the only way users will be able to change their NDS password is when they also change their Enhanced Password. They will not be allowed to change their NDS password any other way. This will prevent users from changing their NDS password to be out of sync with their enhanced password.
Optionally, after everyone has had ample time to set a new Enhanced Password and to synchronize it with their NDS password, you could go into properties of the Enhanced Password, and on the Password Policy, Restrictions tab select the option to prohibit users from changing their password. That way neither the NDS nor the Enhanced Password could be changed.
NOTE: If the administrator wants to FORCE the user to change both the Enhanced and NDS passwords, and eliminate the possiblity that the user may fail to check the "Change NDS Password" box mentioned in step 6 above, download and apply the file epwd22p1.exe. With this patch in place when users login they will be prompted to change their enhanced password, and the check box for "Change NDS Password" will be checked, and grayed out (so that it can not be de-selected). Then when the user changes the enhanced password, the NDS password will change to match. (This patch was written for the the NMAS the 2.2 code base.)
For more info, see TID 10080043
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com