Environment
Novell eDirectory 8.7.3 for All Platforms
Novell eDirectory 8.8 for All Platforms
Novell Modular Authentication Service (NMAS) 3.1.2
Novell eDirectory 8.8 for All Platforms
Novell Modular Authentication Service (NMAS) 3.1.2
Situation
User logins in and is prompted to change their password. They
successfully change their password and logout. The next login
prompts them to change their password again, getting into an
endless loop of changing the password each time the user logs in.
Symptoms:
Password History and "Verify whether existing password complies with the policy" are enabled in the Universal Password Policy associated to the user.
The Server is running NMAS 3.1.2. (Security Services 2.0.3 patch)
The users Password History is Full.
Symptoms:
Password History and "Verify whether existing password complies with the policy" are enabled in the Universal Password Policy associated to the user.
The Server is running NMAS 3.1.2. (Security Services 2.0.3 patch)
The users Password History is Full.
Resolution
This has been reported to Engineering as a bug.
Current Workaround:
Option 1
Since the Password History attribute is a hidden attribute, to determine if the users Password History is full, edit the Password Policy associated to the user and remove the checkbox next to"Verify whether existing password complies with the policy". Drop the users connections and relogin. If you are prompted to change the password, change it once more. Logout and back in. If the users is not prompted to change their password, then the users Password History is full.
Option 2
Turn off Password History or change the number of passwords to store in the history to a high value on the Universal Password Policy. A value to test with would be 50 passwords. Drop the users connections and relogin. If you are prompted to change the password, change it once more. Logout and back in. If the users is not prompted to change their password, then the users Password History is full.
Option 3
Call Novell Technical Support to verify Password History is full for the user.
Current Workaround:
Option 1
Since the Password History attribute is a hidden attribute, to determine if the users Password History is full, edit the Password Policy associated to the user and remove the checkbox next to"Verify whether existing password complies with the policy". Drop the users connections and relogin. If you are prompted to change the password, change it once more. Logout and back in. If the users is not prompted to change their password, then the users Password History is full.
Option 2
Turn off Password History or change the number of passwords to store in the history to a high value on the Universal Password Policy. A value to test with would be 50 passwords. Drop the users connections and relogin. If you are prompted to change the password, change it once more. Logout and back in. If the users is not prompted to change their password, then the users Password History is full.
Option 3
Call Novell Technical Support to verify Password History is full for the user.
Status
Reported to EngineeringTop Issue