User accounts password expires repeatedly when Universal Password advanced rules are NOT enabled

  • 3654929
  • 16-Aug-2006
  • 27-Apr-2012

Environment

Novell Modular Authentication Service (NMAS) 3.1.0
Novell Modular Authentication Service (NMAS) 3.0
Universal Password
Universal Password Advanced Rules are NOT set
Force periodic password changes set (These are set via NDS not Universal Password)
NMAS authentication turned on

Situation

User changes password and then on the second login attempt their password is expired again.
Users Public and Private key is getting updated on each login.
Users Universal Password is getting updated on each login
nspmPasswordHistory is getting updated on each login.

This only happens when Universal Password is enabled and the Advanced Password rules are disabled.


Resolution

The workaround is to enable Advanced Password Rules and let the password policy (Universal Password) govern the expiration time.

This fix is in NMAS 3.1.1 which was released with the Security Services 2.0.2 patch. If version of eDirectory is between eDirectory 8.7.3.x and 8.8.3.x then the latest nmas can be obtained from https://download.novell.com/patch/finder/ and in the Product drop down box, choose "Security Services" -> Choose the latest version available. 
NOTICE- 8.8.4 was not mentioned here for a reason, if the box is OES linux, the latest patch is included in the update channel, so please update all patches from the channel if on OES Linux!  Also, if eDirectory is already at 8.8.5, then it is recommended to update to the latest eDirectory patch for 8.8.5.  To do this use the link, https://download.novell.com/patch/finder/ and in the Product drop down box, choose eDirectory and in the version box, choose 8.8.5 -> Just choose the latest released patch for 8.8.5.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.