6.3 Using Forgotten Password Self-Service

You can use the Password Policy Wizard in iManager to create a Password policy, which provides users with the ability to recover from a forgotten password without contacting the help desk.

The following features are supported:

IMPORTANT: Before using Password Self-Service, review the information in Managing Passwords by Using Password Policies in the Novell Password Management Administration Guide.

6.3.1 Using the “Did You Forget Your Password?” Link

When you click the Did you forget your password? link in the Novell Login dialog box, the system invokes the Forgotten Password Policy specific to the user. The following three options are supported by the Novell Client for Windows:

  • Display a password hint.

  • Authenticate via Challenge Response and show a password reminder (requires eDirectory 8.8 or later).

  • Authenticate via Challenge Response and reset the password.

    NOTE: Not all features of Forgotten Password Self-Service are implemented with the Novell Client at this time, including e-mailing passwords and hints.

Figure 6-4 Novell Client Login Dialog Box

NOTE: The Did you forget your password? link is available in Novell Client 4.91 Support Pack 2 and later. Beginning in SP2, the Client prompts users to populate the Challenge Response set if they log in and the sets have not been entered.

The workstation administrator can choose to display or not display the Did you forget your password? link on the Novell Login dialog box.

  1. Right-click the Red N, then click Novell Client Properties.

  2. Click the Advanced Login tab.

  3. Set the Forgotten Password Prompt option to On or Off.

Before the Did you forget your password? link can work, you must complete the following:

If you click the link before Password Self-Service is set up, you receive an error. If the administrator changed or set up a new policy, you are prompted at login.

Configuring Password Self-Service

Before users can use the Did you forget your password? link, the administrator must configure Password Self-Service and the user must enter the password hint or responses to challenge questions. The administrator should also upgrade to eDirectory 8.8 or later. See Password Self-Service in the Novell Password Management Administration Guide for more information.

Configuring Challenge/Response Settings

After the administrator configures the challenge sets and password policies, users need to provide their information for the challenge sets in either of the following two ways:

  • Right-click the Red N, then click User Administration > Challenge/Response Administration. Depending on how the administrator configured the challenge sets, users enter their information in the dialog boxes presented. For example, if the administrator specifies three questions in the challenge set, users enter information in three different dialog boxes.

  • If the administrator selected the Force user to configure Challenge Questions and/or Hint upon authentication option on the Forgotten Password page in iManager, the Client prompts users to enter this information when they log in and when their challenge set information is missing or out of date.

    Figure 6-5 Forgotten Password Page in iManager

The challenge/response questions allow for any response, such as a word, a sentence, or a phrase. Because it might be difficult to correctly type a phrase or sentence when the text is hidden, answers are not hidden with asterisks by default, like passwords usually are. However, as an added layer of security, you can configure the challenge/response LCM to hide the user’s responses to the challenge questions. For example, when this functionality is enabled, instead of the user’s response reading “my son charlie” in plain text, the response reads “** *** *******.”

To configure the challenge/response LCM to hide the user’s responses to the challenge questions:

  1. Create the following registry key:

    HKLM\SOFTWARE\Novell\NMAS\MethodData\challenge_response

  2. Create a DWORD registry value named mask_responses, and set it to one of the following values:

    0 - FALSE, don’t mask responses (default value)

    1 - TRUE, mask responses
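The two steps above can be scripted for deployment and audit. The following PowerShell is an added example, not part of the Novell documentation or tooling; the key path and value name are the ones given in the steps, while the function names Get-ResponseMasking and Set-ResponseMasking are hypothetical.

```powershell
# Added example: set and audit response masking for the challenge/response LCM.
# Key path and value name are taken from the steps above; function names are hypothetical.
$KeyPath   = 'HKLM:\SOFTWARE\Novell\NMAS\MethodData\challenge_response'
$ValueName = 'mask_responses'

function Get-ResponseMasking {
    # Returns 'Default' (key or value absent, same as 0), 'WrongType',
    # 'Masked' or 'NotMasked'.
    if (-not (Test-Path -Path $KeyPath)) { return 'Default' }
    $key = Get-Item -Path $KeyPath
    if ($key.GetValueNames() -notcontains $ValueName) { return 'Default' }
    # The documented value is a DWORD; flag anything else for review.
    if ($key.GetValueKind($ValueName) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        return 'WrongType'
    }
    if ($key.GetValue($ValueName) -eq 1) { return 'Masked' }
    return 'NotMasked'
}

function Set-ResponseMasking {
    param([Parameter(Mandatory)][bool]$Enabled)

    # Writing under HKLM requires an elevated session.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Step 1: create the key if it is missing (-Force also creates parent keys).
    if (-not (Test-Path -Path $KeyPath)) {
        New-Item -Path $KeyPath -Force | Out-Null
    }

    # Step 2: create or overwrite the DWORD value (1 = mask, 0 = do not mask).
    $data = if ($Enabled) { 1 } else { 0 }
    New-ItemProperty -Path $KeyPath -Name $ValueName -PropertyType DWord `
        -Value $data -Force | Out-Null

    # Read the value back so the caller sees the state actually stored.
    return Get-ResponseMasking
}

Set-ResponseMasking -Enabled $true
```

Get-ResponseMasking can be run on its own, without elevation, to report the current state of a workstation.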

If a user forgets the answers to his or her challenge/response questions, the Novell Client does provide a way to reset the answers. Right-click the Red N icon, then click User Administration for > Challenge/Response Administration. The user can then enter new responses in the dialog boxes presented.

6.3.2 Using Hints for Remembering Passwords

If you specify a forgotten password action that requires a password hint, users are required to enter a hint that is a reminder of the password. The password hint is checked to make sure that it does not contain the user’s password. Users must enter a new hint every time they change their passwords.

Figure 6-6 Define Password Hint Dialog Box

If a user clicks the Did you forget your password? link on the Novell Login screen, a dialog box containing the password hint is displayed.

Figure 6-7 Forgotten Password Hint Dialog Box

If a user enters an erroneous password, the login program displays an error message, prompting them to retype their password or click the Did you forget your password? link.

Figure 6-8 Password Error Dialog Box

If the policy action is to show a hint but the user did not enter a hint for their current password, an error message is displayed telling the user to contact their system administrator to reset their password and to enter a hint the next time they set their password.

Figure 6-9 Forgotten Password Error Dialog Box

Users can also create a hint at any time using the Change Password window available at login or by pressing Ctrl+Alt+Delete, then clicking Change Password.

Figure 6-10 Change Password Dialog Box