Password Challenge Reset and Hints

Novell Cool Solutions: Tip
By Brett Berger

Posted: 10 Aug 2005

A reader recently asked:

"I would just love it if someone could point out a way to set things up so that when our Windows XP workstations boot up and display the Novell login prompt, the prompt includes some sort of button/link/etc that displays "I forgot my password". When the user clicks on it, I would like it to display our imanager password reset challenge questions. Any ideas?"

And here's the response from Forum expert Brett Berger:

If you are using Universal Password and the 4.91 client, you can set up the forgotten password hint on a user. You'll need Password Management 2.0.2 for Novell eDirectory installed, a Universal Password Policy configured, and Forgotten Password turned on. Then go to https://ip_address/nps and authenticate, and it should prompt you to create a hint.

Remember this hint is flagged public-read, so it should help ONLY you to remember your password. For example, if your password is novell, and you set up your hint to be n0v3ll - that not only helps you remember the password, but anyone else who sees the hint would probably guess your password is novell. One more example: if your company name is Novell, and you use Novell as your password, but the hint is "Where do I work?" - it is pretty obvious that the first guess is going to be Novell. Note, UP will not allow you to set the password to be the hint, but it doesn't stop you from putting n0v3ll as the hint for a password of Novell.

Once the hint has been created, if users log in from the 4.91 client and put in their username and password AND type a wrong password, an error dialog will pop up with two choices: OK and Password Help. If you select the password help, it will display the user's hint. There is no way from the Novell client to get the password help button prior to putting in your username and bad password.

Personally, I would set up Universal Password and Forgotten Password to force the user to change the password if forgotten, instead of displaying the hint. It is much more secure that way. On the forgotten password tab in the Passwords | Password Policies role, select the action "Allow user to reset password."

All the user needs to do is go to https://ip_address/nps and answer the challenge questions, such as "what is your mother's maiden name" or "what is your childhood pet's name" etc. Once the user answers the questions, any time after that, he or she can come back to https://ip_address/nps, select "Forgot my password," and be prompted to answer the Challenge questions. Once this is done successfully, the user will automatically be forced to change the password.

Set it up in a test environment - get it how you want it, then do the same in your production tree.
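The response above points out that Universal Password only rejects a hint that is literally the password, so n0v3ll still passes as a hint for Novell, and a hint that points at public data ("Where do I work?") is just as weak. The following is an added example, not code from Novell or from this tip, of the stricter hint check an administrator could run when a hint is set (the moment the plaintext password is available anyway): it undoes case and common leetspeak, rejects hints that equal, contain or closely resemble the password, and rejects any hint when the password itself is built from a public attribute such as the company name or the login name. The leetspeak table, the 0.6 similarity threshold and the `check_hint` interface are my assumptions, and all sample inputs are constructed.

```python
import re
import unicodedata

# Common leetspeak substitutions (a constructed table; assumption, not Novell's rules).
LEET_MAP = str.maketrans({
    "0": "o", "1": "l", "3": "e", "4": "a", "5": "s", "7": "t", "8": "b",
    "@": "a", "$": "s", "!": "i", "+": "t", "|": "l",
})

# Shortest fragment treated as meaningful by the containment rules (assumption).
MIN_FRAGMENT = 4


def normalize(text: str) -> str:
    """Lower-case, strip accents, undo leetspeak and keep only [a-z0-9].

    Both the hint and the password go through this, so 'N0v3LL' and 'novell'
    compare equal, which is exactly the case the product's own check misses."""
    decomposed = unicodedata.normalize("NFKD", text)
    ascii_only = "".join(ch for ch in decomposed if not unicodedata.combining(ch))
    return re.sub(r"[^a-z0-9]", "", ascii_only.lower().translate(LEET_MAP))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance with a rolling row, O(len(a) * len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def similarity(a: str, b: str) -> float:
    """1.0 for identical strings, 0.0 for strings with nothing in common."""
    longest = max(len(a), len(b))
    return 1.0 if longest == 0 else 1.0 - levenshtein(a, b) / longest


def check_hint(hint: str, password: str, public_attrs=(), max_similarity: float = 0.6):
    """Return (accepted, reason) for a proposed forgotten-password hint.

    public_attrs are values anyone in the tree can read (company name, login
    name, ...). A hint only has to be *public-read* to be dangerous, so the
    bar is: nothing in the hint may narrow the password search for a stranger."""
    h, p = normalize(hint), normalize(password)
    attrs = [normalize(a) for a in public_attrs if normalize(a)]

    if not h:
        return False, "hint is empty after normalization"
    if h == p:
        return False, "hint is the password (after undoing case/leetspeak)"
    if len(p) >= MIN_FRAGMENT and p in h:
        return False, "hint contains the password"
    if len(h) >= MIN_FRAGMENT and h in p:
        return False, "hint is a fragment of the password"
    if similarity(h, p) >= max_similarity:
        return False, "hint is too similar to the password"
    for attr in attrs:
        if len(attr) >= MIN_FRAGMENT and attr in p:
            # 'Where do I work?' with password Novell: the hint is harmless on
            # its own, the problem is that the password is public data.
            return False, "password is built from public data (%s); any hint for it is guessable" % attr
    return True, "ok"


if __name__ == "__main__":
    # Constructed cases mirroring the tip's examples.
    for hint, pw, attrs in [
        ("n0v3ll", "Novell", ["Novell"]),
        ("Where do I work?", "Novell", ["Novell"]),
        ("the street of my first flat", "Tr0ub4dor&3", ["Novell"]),
    ]:
        print(repr(hint), "->", check_hint(hint, pw, attrs))
```

Run at hint-creation time, a rejection here would send the user back to pick a hint that helps only them, which is the property the response asks for; the public-attribute rule goes one step further and flags the password itself, which is the more useful finding.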

