You can use the Password Policy Wizard in iManager to create a Password policy, which provides users with the ability to recover from a forgotten password without contacting the help desk.
The following features are supported:
IMPORTANT:Before using Password Self-Service, review the information in
Managing Passwords by Using Password Policies in the Novell Password Management Administration Guide.
When you click thelink in the Novell Login dialog box, the system invokes the Forgotten Password Policy specific to the user. The following three options are supported by the Novell Client for Windows:
Display a password hint.
Authenticate via Challenge Response and show a password reminder (requires eDirectory 8.8 or later).
Authenticate via Challenge Response and reset the password.
NOTE:Not all features of Forgotten Password Self-Service are implemented with the Novell Client at this time, including e-mailing passwords and hints.
Figure 6-4 Novell Client Login Dialog Box
NOTE:Thelink is available in Novell Client 4.91 Support Pack 2 and later. Beginning in SP2, the Client prompts users to populate the Challenge Response set if they log in and the sets have not been entered.
The workstation administrator can choose to display or not display thelink on the Novell Login dialog box.
Right click the Red N, then click.
Set theoption to On or Off.
Before thelink can work, you must complete the following:
If you click the link before Password Self-Service is set up, you receive an error. If the administrator changed or set up a new policy, you are prompted on log in.
Before users can use the
Password Self-Service in the Novell Password Management Administration Guide for more information.
After the administrator configures the challenge sets and password policies, users need to provide their information for the challenge sets in either of the following two ways:
Right-click the Red N, then click. Depending on how the administrator configured the challenge sets, users enter their information in the dialog boxes presented. For example, if the administrator specifies three questions in the challenge set, users enter information in three different dialog boxes.
If the administrator selected theoption on the Forgotten Password page in iManager, the Client prompts users to enter this information when they log in and when their challenge set information is missing or out of date.
Figure 6-5 Forgotten Password Page in iManager
The challenge/response questions allow for any response, such as a word, a sentence, or a phrase. Because it might be difficult to correctly type a phrase or sentence when the text is hidden, answers are not hidden with asterisks by default, like passwords usually are. However, as an added layer of security, you can configure the challenge/response LCM to hide the user’s responses to the challenge questions. For example, when this functionality is enabled, instead of the user’s response reading “my son charlie” in plain text, the response reads “** *** *******.”
To configure the challenge/response LCM to hide the user’s responses to the challenge questions:
Create the following registry key:
Create a DWORD registry value named mask_responses, and set it to one of the following values:
0 - FALSE, don’t mask responses (default value)
1- TRUE, mask responses
If a user forgets the answers to his or her challenge/response questions, the Novell Client does provide a way to reset the answers. Right-click the Red N icon, then click. The user can then enter new responses in the dialog boxes presented.
If you specify a forgotten password action that requires a password hint, users are required to enter a hint that is a reminder of the password. The password hint is checked to make sure that it does not contain the user’s password. Users must enter a new hint every time they change their passwords.
Figure 6-6 Define Password Hint Dialog Box
If a user clicks thelink on the Novell Login screen, a dialog box containing the password hint is displayed.
Figure 6-7 Forgotten Password Hint Dialog Box
If a user enters an erroneous password, the login program displays an error message, prompting them to retype their password or click thelink.
Figure 6-8 Password Error Dialog Box
If the policy action is to show a hint but the user did not enter a hint for their current password, an error message is displayed telling the user to contact their system administrator to reset their password and to enter a hint the next time they set their password.
Figure 6-9 Forgotten Password Error Dialog Box
Users can also create a hint at any time using the Change Password window available at login or by pressing Ctrl+Alt+Delete then clicking.
Figure 6-10 Change Password Dialog Box