Should users be prompted for their passphrase when they reset their own password with SecureLogin installed in LDAP mode connecting to AD?

  • 7940394
  • 02-Sep-2009
  • 26-Apr-2012

Environment

SecureLogin
SecureLogin SSO
3.5.x and later
MS AD, LDAP, NT4, Citrix, Terminal Services


Situation

Should users be prompted for their passphrase when they reset their own password with SecureLogin installed in LDAP mode connecting to AD?

Resolution

SecureLogin is typically installed in LDAP mode if the user authenticates to a different directory for LAN logon than the one where their SSO data is stored (e.g. if your users log on to eDirectory for LAN logon, but you wish to store SecureLogin Single Sign-on data in Active Directory).

With the LDAP client, the username and password for the LAN are different from the credentials the user authenticates with to the directory where SecureLogin data is stored. SecureLogin must therefore prompt for the passphrase every time the user’s password is reset, even if it is reset by the user.

This does not occur when using pure Active Directory or eDirectory mode. In those modes, the user is prompted to answer their passphrase only if their password is reset by an administrator (and if passphrases are enabled).