Password history ignored when changing password through SSPR "forgotten password" link

This document (7012135) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Self Service Password Reset
SSPR 2.0
SSPR 2.0 HF1a
Active Directory environment
Enforce Microsoft AD password complexity set to "True"
Active Directory password policy set to enforce password history

Situation

When changing the password through the "forgotten password" link, SSPR does not prevent the user from reusing the current or a previously used password.

The user can use an old password when changing the password after clicking "forgotten password" and answering the security questions.

SSPR ignores the "Enforce password history" setting in the Active Directory policy when resetting the password through "Forgotten Password."

SSPR does honor the AD "Enforce password history" setting if the "change password" option is selected directly from the SSPR main menu. 

Resolution

This is as expected. Changing the password after clicking the "Forgotten Password" link in SSPR is considered by AD to be a password reset, as opposed to a password change. The Windows "Enforce password history" setting applies only to password changes and not to password resets.

Additional Information

A password reset is performed by someone who does not know the current password. Typically this would be an administrative or help desk user. In the case of SSPR, the password reset is actually made in AD by the SSPR proxy user, after the user has correctly identified herself by answering the challenge questions. The just-used password is not added to the list of previous passwords in this case.

A password change, on the other hand, is performed by the end user of the account after providing the current password. In SSPR the user must authenticate with the current password in order to change the password. The change is made in AD as the logged-in user himself. The just-used password is then added to the password history list.
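
The change/reset distinction described above can be audited from the domain controller Security log, where event 4723 records a password change attempt and event 4724 a password reset attempt. The following is an added example, not part of the original document or of SSPR: it assumes events exported as dictionaries, a proxy account named svc-sspr-proxy, and a reporting threshold of two resets, and the sample events are constructed.

```python
from collections import Counter

# Windows Security log event IDs: 4723 = password change attempt (by the
# account itself), 4724 = password reset attempt (by another principal).
CHANGE_EVENT, RESET_EVENT = 4723, 4724

# Assumption: sAMAccountName of the SSPR proxy user in this directory.
SSPR_PROXY = "svc-sspr-proxy"

# Constructed sample events; field names follow the 4723/4724 event schema.
SAMPLE_EVENTS = [
    {"EventID": 4723, "SubjectUserName": "alice", "TargetUserName": "alice"},
    {"EventID": 4724, "SubjectUserName": "svc-sspr-proxy", "TargetUserName": "bob"},
    {"EventID": 4724, "SubjectUserName": "helpdesk1", "TargetUserName": "carol"},
    {"EventID": 4724, "SubjectUserName": "SVC-SSPR-PROXY", "TargetUserName": "bob"},
    {"EventID": 4624, "SubjectUserName": "-", "TargetUserName": "alice"},
]

def classify(event, proxy=SSPR_PROXY):
    """Return how AD treated the password operation, or None if unrelated."""
    if event["EventID"] == CHANGE_EVENT:
        return "change"          # "Enforce password history" applies
    if event["EventID"] == RESET_EVENT:
        if event["SubjectUserName"].lower() == proxy.lower():
            return "sspr_reset"  # forgotten-password path, history not applied
        return "admin_reset"     # help desk or admin reset, history not applied
    return None

def history_bypass_report(events, proxy=SSPR_PROXY, threshold=2):
    """Count SSPR resets per target account; flag accounts at/above threshold."""
    resets = Counter(
        e["TargetUserName"].lower()
        for e in events
        if classify(e, proxy) == "sspr_reset"
    )
    flagged = sorted(user for user, n in resets.items() if n >= threshold)
    return dict(resets), flagged

if __name__ == "__main__":
    for e in SAMPLE_EVENTS:
        print(e["EventID"], e["TargetUserName"], classify(e))
    print(history_bypass_report(SAMPLE_EVENTS))
```

Accounts that appear in the flagged list have had their password set repeatedly through the path on which the history setting is not applied.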

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7012135
  • Creation Date: 11-APR-13
  • Modified Date: 12-APR-13
    • NetIQSecureLogin
