Password history ignored when changing password through SSPR "forgotten password" link
This document (7012135) is provided subject to the disclaimer at the end of this document.
Active Directory environment
Enforce Microsoft AD password complexity set to "True"
Active Directory password policy set to enforce password history
When changing the password through the "forgotten password" link, SSPR does not prevent the user from reusing the current or a previously used password.
User can use an old password when changing the password after clicking "forgotten password" and answering the security questions.
SSPR ignores the "Enforce password history" setting in the Active Directory policy when resetting the password through "Forgotten Password."
SSPR does honor the AD "Enforce password history" setting if the "change password" option is selected directly from the SSPR main menu.
This is as expected. Changing the password after clicking the "Forgotten Password" link in SSPR is considered by AD to be a password reset, as opposed to a password change. The Windows "Enforce password history" setting applies only to password changes and not to password resets.
A password reset is performed by someone who does not know the current password. Typically this would be an administrative or help desk user. In the case of SSPR the password reset is actually made in AD by the SSPR proxy user, after the user has correctly identified herself by answering the challenge questions. The just-used password is not added to the list of previous passwords in this case.
A password change, on the other hand, is performed by the end user of the account after providing the current password. In SSPR the user must authenticate with the current password in order to change the password. The change is made in AD as the logged-in user himself. The just-used password is then added to the password history list.
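The difference between the two operations, as an added example that is not part of the original document or of SSPR's code: it assumes the request reaches AD as an LDAP modify on `unicodePwd` and writes it in the `changes` layout of the ldap3 Python library. The function names and sample passwords are hypothetical and constructed for illustration.

```python
"""Added example: how an AD password change and reset differ as LDAP modifies."""

# Operation names as the strings the ldap3 library uses for its constants
# (assumption: requests are shown in ldap3's "changes" dict layout).
MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE = "MODIFY_ADD", "MODIFY_DELETE", "MODIFY_REPLACE"


def encode_unicode_pwd(password: str) -> bytes:
    """AD expects unicodePwd as the double-quoted password in UTF-16LE."""
    return f'"{password}"'.encode("utf-16-le")


def build_change(old: str, new: str) -> dict:
    """Password change: delete the old value and add the new one in one modify."""
    return {"unicodePwd": [(MODIFY_DELETE, [encode_unicode_pwd(old)]),
                           (MODIFY_ADD, [encode_unicode_pwd(new)])]}


def build_reset(new: str) -> dict:
    """Password reset: replace the value without proving the old one."""
    return {"unicodePwd": [(MODIFY_REPLACE, [encode_unicode_pwd(new)])]}


def classify(changes: dict) -> dict:
    """Report how AD treats a unicodePwd modify and whether history is checked."""
    ops = [op for op, _values in changes.get("unicodePwd", [])]
    if sorted(ops) == sorted([MODIFY_DELETE, MODIFY_ADD]):
        return {"kind": "change", "needs_current_password": True,
                "history_enforced": True}
    if ops == [MODIFY_REPLACE]:
        return {"kind": "reset", "needs_current_password": False,
                "history_enforced": False}
    return {"kind": "not-a-password-operation", "needs_current_password": None,
            "history_enforced": None}


if __name__ == "__main__":
    # Constructed sample passwords, for illustration only.
    flows = {
        "SSPR 'change password' (bound as the user)": build_change("Old-Pass1", "New-Pass2"),
        "SSPR 'forgotten password' (bound as the proxy user)": build_reset("Old-Pass1"),
    }
    for name, changes in flows.items():
        print(name, "->", classify(changes))
```

The second flow sets the same constructed password the account already had, which is the reuse described in this document: a replace carries no old value and is not checked against the history list.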
This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.
- Document ID: 7012135
- Creation Date: 11-APR-13
- Modified Date: 12-APR-13