Environment
Novell
eDirectory
Novell
SecureLogin 3.51
Novell
SecureLogin 6.0
Novell
Client for Windows 2000/XP/2003 4.91 Support Pack 2
Situation
SecureLogin does not detect
password change from the Novell Client change password
dialog.
SecureLogin still uses old
password after a password change.
Resolution
The solution to this issue is
addressed by updates to both SecureLogin and the Novell Client for
Windows 2000/XP.
- Update SecureLogin to version
6.0.005 or newer. (or forSecureLogin 3.51, update to version
3.51.307).
- Update the Novell Client to version 4.91 sp4 or newer.
- It may also be neessary to register slinac.dll as the Novell Credential Manager. To do so, create a (string value) registry setting in
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\CredentialManagers] called
- Update the Novell Client to version 4.91 sp4 or newer.
- It may also be neessary to register slinac.dll as the Novell Credential Manager. To do so, create a (string value) registry setting in
[HKEY_LOCAL_MACHINE\SOFTWARE\Novell\Network Provider\CredentialManagers] called
"SSOSync"="c:\\windows\\system32\\slinac.dll"
Note that the path to slinac.dll may be different from the above example, depending onWindows version (c:\windows\system32 or c:\winnt\system32). Also, the installation of the 3.51.307 update will automatically make this registry entry during the installation process. For 6.0.005 users, the registry key and value are not set by the installation routine. Future releases of 6.0 updates will include this registry key and value as part of the installation process.
Note: Older versions of SecureLogin will support password expiration but will not support password change.Additional Information
SecureLogin has always
supported password expiration. This is where the password has
expired in eDirectory and the user is prompted to change the
password during the login process. The Novell client interacts with
eDirectory to change the password and then passes the new
credential information to SecureLogin via a registered Novell
client login extension. But during a forced password change
SecureLogin is not notified that a password change event
occurred.
Users activate the forced
password change by pressing on
the keyboard. The Novell client displays a window with a button
labeled "Change Password". If the user clicks on the change
password button, the Novell client will allow the user to change
their password on any of the connected resources. Since
this activity was outside of the login process, the Novell
client would not call any registered login extensions. So there was
no notification to the SecureLogin client that a password change
had occurred. The only method of notifying SecureLogin that a
password change had occurred was for customers to work around the
issue by forcing users to logout and log back in to the
network.
SecureLogin scripts using the
syspassword runtime variable would not be updated with the users
new password after a password change event had occurred. Also
Citrix passthrough would still attempt to utilize the old password.
Logging out and logging back in to the network would force the
Novell client to call SecureLogin with the new password. The
SecureLogin client would then update the syspassword runtime
variable with the new password.