How to disable the pwdFailureTime attribute from being updated
This document (7002934) is provided subject to the disclaimer at the end of this document.
Novell Modular Authentication Service (NMAS) 3.2.1
Novell Modular Authentication Service (NMAS) 3.3.0
Novell eDirectory 8.8.x for All Platforms
Novell eDirectory 18.104.22.168 for Platforms
This setting is as follows:
nmas LoginInfo #
The value for the # (number) is as follows:
0 or off = Do not update any login attributes
1 = Only update attributes required by intruder detection
2 = Update all login attributes except unused user password policy attributes
3 or on = Update all login attributes
nmas LoginInfo 0
nmas LoginInfo 1
nmas LoginInfo 2
nmas LoginInfo 3
The command "nmas LoginInfo #" should be added at the end of the SYS:\SYSTEM\AUTOEXEC.NCF. After making this change, reset the server. The command may also be executed at the NetWare console.
When eDirectory/NMAS is started, it processes the commands in the file "nmas.cfg". Manually create the nmas.cfg file in the same directory as the dib files (the default directory is c:/novell/nds/dibfiles) and add the "nmas LoginInfo #" command to it. This command can also be executed from the Novell eDirectory Services console by selecting nmas.dlm, typing the command in the Startup Parameters field, then clicking Configure. Restart eDirectory after adding the command to the nmas.cfg file.
When eDirectory/NMAS is started, it processes the commands in the file nmas.config. Manually create the nmas.config file in the same directory as the dib files and add the "nmas LoginInfo #" command to the nmas.config file. The nmas.config file must be in the same directory as the dib directory. For example, if the dib directory path is "/var/opt/novell/eDirectory/data/dib" then the nmas.config file path would be "/var/opt/novell/eDirectory/data/nmas.config". Restart ndsd after adding this command to nmas.config. File permissions on this file should be set to at least 644. NMAS uses the same uid that ndsd uses, so the owner should be root unless it is a non-root install. In that case the owner should be the same user/uid that is running ndsd.
Setting | Update pwdFailureTime attribute | Remove pwdFailureTime attribute on successful login
nmas LoginInfo 0 | no | no
nmas LoginInfo 1 | no | no
nmas LoginInfo 2 | yes | yes
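The Linux/Unix placement rules and the table above can be audited with a short script. This is an added example, not Novell's code: `check_nmas_config` is a hypothetical helper, it follows the path example above (nmas.config in the directory that contains dib), and it treats 3/on like 2 because 3 updates all login attributes.

```shell
#!/bin/sh
# check_nmas_config DIB_DIR [OWNER]   (hypothetical helper, added example)
# Returns 0 only when nmas.config sits in the directory that holds DIB_DIR,
# is owned by OWNER, has at least mode 644, and sets LoginInfo to 0/off or 1.
check_nmas_config() {
    cfg="$(dirname "${1%/}")/nmas.config"
    owner=${2:-root}          # pass the ndsd user/uid for a non-root install
    rc=0

    [ -f "$cfg" ] || { echo "FAIL: $cfg not found"; return 1; }

    # -perm -644 matches when every bit of 644 is set ("at least 644").
    [ -n "$(find "$cfg" -prune -perm -644)" ] ||
        { echo "FAIL: mode of $cfg is below 644"; rc=1; }
    [ -n "$(find "$cfg" -prune -user "$owner")" ] ||
        { echo "FAIL: $cfg is not owned by $owner"; rc=1; }

    # Collect the value of every well-formed "nmas LoginInfo <value>" line.
    values=$(sed -n 's/^[[:space:]]*nmas[[:space:]]\{1,\}LoginInfo[[:space:]]\{1,\}\([^[:space:]]\{1,\}\)[[:space:]]*$/\1/p' "$cfg")
    case "$values" in
        0|off|1) echo "OK: LoginInfo $values, pwdFailureTime is not updated" ;;
        2|3|on)  echo "FAIL: LoginInfo $values still updates pwdFailureTime"; rc=1 ;;
        "")      echo "FAIL: no valid 'nmas LoginInfo' line in $cfg"; rc=1 ;;
        *)       echo "FAIL: unexpected or repeated LoginInfo setting"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed demo: a throwaway tree that mimics <data>/dib and <data>/nmas.config.
demo=$(mktemp -d)
mkdir "$demo/dib"
printf 'nmas LoginInfo 1\n' > "$demo/nmas.config"
chmod 644 "$demo/nmas.config"
check_nmas_config "$demo/dib" "$(id -u)"
rm -rf "$demo"
```

On a real server, pass the actual dib directory, for example `check_nmas_config /var/opt/novell/eDirectory/data/dib root`.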
The pwdFailureTime attribute was implemented as defined in the LDAP Password Policy IETF draft which states the following in section 5.3.4:
"pwdFailureTime: This attribute holds the timestamps of the consecutive authentication failures"
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7002934
- Creation Date: 08-APR-09
- Modified Date: 26-APR-12