User account passwords expire repeatedly when Universal Password advanced rules are NOT enabled

  • 3654929
  • 16-Aug-2006
  • 27-Apr-2012

Environment

Novell Modular Authentication Service (NMAS) 3.1.0
Novell Modular Authentication Service (NMAS) 3.0
Universal Password
Universal Password Advanced Rules are NOT set
Force periodic password changes set (these are set via NDS, not Universal Password)
NMAS authentication turned on

Situation

The user changes their password, and then on the second login attempt the password is expired again.
The user's public and private keys are updated on each login.
The user's Universal Password is updated on each login.
nspmPasswordHistory is updated on each login.

This only happens when Universal Password is enabled and the Advanced Password rules are disabled.


Resolution

The workaround is to enable Advanced Password Rules and let the password policy (Universal Password) govern the expiration time.

The fix is in NMAS 3.1.1, which was released with the Security Services 2.0.2 patch. If the version of eDirectory is between eDirectory 8.7.3.x and 8.8.3.x, the latest NMAS can be obtained from https://download.novell.com/patch/finder/: in the Product drop-down box, choose "Security Services", then choose the latest version available.
NOTICE: 8.8.4 is not mentioned here for a reason. If the box is OES Linux, the latest patch is included in the update channel, so please apply all patches from the channel if on OES Linux! Also, if eDirectory is already at 8.8.5, it is recommended to update to the latest eDirectory patch for 8.8.5. To do this, go to https://download.novell.com/patch/finder/, choose eDirectory in the Product drop-down box, choose 8.8.5 in the version box, and then choose the latest released patch for 8.8.5.