Any News on Password Expiration??

Does anyone know if Novell is going to deal with PW expiration issues and the Mobility pack? in my office we used LDAP for GW. If a user has a PW expire, then the Mobility pack will use the 3 grace logins in about 5 min. leaving the user locked out. Even if they change their PW in LDAP, but do not do it on the phone right away, then the phone will attempt to log in with the old PW and then lock out the user from LDAP ( thinking that there is an attempted breach into the account)

Also, I have seen that when a user changes the PW after the above has happened, then ANY mail that was sent to the user during the time their PW expired willnot Sync to the phone after they reconnect with the correct PW.

This needs to be fixed, has any one reported this yet?
Parents
  • One suggestion came up in the Novell GroupWise List about 3 months ago:
    http://ngwlist.com/pipermail/ngw/2010-October/152551.html

    I guess that would be the responsibility of the eDirectory/NMAS product
    teams to implement. Or, if Mobility could just authenticate against AD,
    that'd work too.

    "tschwartzniu" <tschwartzniu@no-mx.forums.novell.com> wrote in message
    news:tschwartzniu.4n3lq4@no-mx.forums.novell.com...
    >
    > Does anyone know if Novell is going to deal with PW expiration issues
    > and the Mobility pack? in my office we used LDAP for GW. If a user has
    > a PW expire, then the Mobility pack will use the 3 grace logins in about
    > 5 min. leaving the user locked out. Even if they change their PW in
    > LDAP, but do not do it on the phone right away, then the phone will
    > attempt to log in with the old PW and then lock out the user from LDAP (
    > thinking that there is an attempted breach into the account)
    >
    > Also, I have seen that when a user changes the PW after the above has
    > happened, then ANY mail that was sent to the user during the time their
    > PW expired willnot Sync to the phone after they reconnect with the
    > correct PW.
    >
    > This needs to be fixed, has any one reported this yet?
    >
    >
    > --
    > tschwartzniu
    > ------------------------------------------------------------------------
    > tschwartzniu's Profile: http://forums.novell.com/member.php?userid=90407
    > View this thread: http://forums.novell.com/showthread.php?t=429307
    >



  • How about this?

    Any news.

    On our Iphones, there is no notification about the password that is expired.
    Is this a feature that is coming into NDSMP?
  • I'm running
    Novell Data Synchronizer Versie: 1.0 Build: 290
    GroupWise Agent Build Version 8.0.2-92377
    GroupWise Agent Build Date 12-10-10
    GroupWise Resource Build Date 12-10-10


    But i'm not have looked at consuming grace logins.
    It's more that people don't know that their password is expired and that the iphone is not telling him, only that the username/pass not correct is.



    jmarton;2104684 wrote:
    floort wrote:

    > How about this?
    >
    > Any news.
    >
    > On our Iphones, there is no notification about the password that is
    > expired.
    > Is this a feature that is coming into NDSMP?


    I'll ask Novell... from what I'm reading, a fix was put in so early
    into the process that v1.0 of Mobility (build 104) should have already
    not consumed grace logins after a password was expired. Sounds like
    something has changed between now and then.

    What version of Mobility
  • Joseph,

    > The error will look the same as
    > entering a wrong username/password


    This is exactly what should be seen on the device. It should just keep
    prompting for the correct password, over and over.

    I am not sure if the fix was in build 290 but I am thinking not. He
    should upgrade to the latest as I know it's in there.

    Pam

  • floort wrote:

    > But i'm not have looked at consuming grace logins.
    > It's more that people don't know that their password is expired and
    > that the iphone is not telling him, only that the username/pass not
    > correct is.


    Oh, ok, a little different from the original issue that started this
    thread. That's why I was confused. Well, in that case, what you are
    seeing is Working As Designed. Might want to submit an enhancement
    request to see if Novell can alter the message returned when a password
    is expired (if it's possible).

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • yeah that's what we seen.. A message that the password/username is incorrect.

    So what's the fix you're talking about?
    I want something like "you're password is expired". A user can't still anything :S, but ok, they know the problem.
    The nicest solution is when a new password can be given, but that's too much for 2011 i think :)



    probello;2104739 wrote:
    Joseph,

    > The error will look the same as
    > entering a wrong username/password


    This is exactly what should be seen on the device. It should just keep
    prompting for the correct password, over and over.

    I am not sure if the fix was in build 290 but I am thinking not. He
    should upgrade to the latest as I know it's in there.

    Pam
  • floort wrote:

    > yeah that's what we seen.. A message that the password/username is
    > incorrect.
    >
    > So what's the fix you're talking about?


    The fix is to do what you're seeing. At one point, mobile device would
    consume all grace logins. That no longer occurs.

    > I want something like "you're password is expired". A user can't still
    > anything :S, but ok, they know the problem.


    Feel free to submit an enhancement request.

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • Oke, it's clear.
    I will submit an enhancement.

    Thanks.


    jmarton;2104812 wrote:
    floort wrote:

    > yeah that's what we seen.. A message that the password/username is
    > incorrect.
    >
    > So what's the fix you're talking about?


    The fix is to do what you're seeing. At one point, mobile device would
    consume all grace logins. That no longer occurs.

    > I want something like "you're password is expired". A user can't still
    > anything :S, but ok, they know the problem.


    Feel free to submit an enhancement request.

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • We have been using this for years now. Started it on Netware, moved it to Windows, now running it on linux.

    http://www.novell.com/communities/node/893/password expiration email notification

    Basically it is a java script that emails the users their password will expire in 30,15,7,6,5,4,3,2,1 days with a little blurb in the email on how to change there password.

    Our phone calls dropped drastically relating to password expiration. We have many other systems that are using LDAP auth and needed it years ago.



    >>> On Tuesday, May 10, 2011 at 12:00 PM, in message <eidyp.883$CL.250@kovat.provo.novell.com>, Joseph Marton<jmarton@no-mx.forums.novell.com> wrote:


    floort wrote:

    > yeah that's what we seen.. A message that the password/username is
    > incorrect.
    >
    > So what's the fix you're talking about?


    The fix is to do what you're seeing. At one point, mobile device would
    consume all grace logins. That no longer occurs.

    > I want something like "you're password is expired". A user can't still
    > anything :S, but ok, they know the problem.


    Feel free to submit an enhancement request.

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • Erich D. Flynn wrote:

    >

    http://www.novell.com/communities/node/893/password expiration email notification
    >
    > Basically it is a java script that emails the users their password
    > will expire in 30,15,7,6,5,4,3,2,1 days with a little blurb in the
    > email on how to change there password.


    I tried to get it to work but never had any luck. So after more
    searching I found a different Cool Solution with a script that does the
    same thing.

    http://www.novell.com/communities/node/3069/dtemailexpiredpasssh-notify-users-about-expired-passwords-email

    Works well on Linux. I customized the script a bit to do a little more
    than what it originally did.

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • This is much easier to work with and you don't need Java, but like you I customized the java to do other things.

    >>> On Wednesday, May 11, 2011 at 3:04 PM, in message <j5Byp.1057$CL.237@kovat.provo.novell.com>, Joseph Marton<jmarton@no-mx.forums.novell.com> wrote:

    Erich D. Flynn wrote:

    >

    http://www.novell.com/communities/node/893/password expiration email notification
    >
    > Basically it is a java script that emails the users their password
    > will expire in 30,15,7,6,5,4,3,2,1 days with a little blurb in the
    > email on how to change there password.


    I tried to get it to work but never had any luck. So after more
    searching I found a different Cool Solution with a script that does the
    same thing.

    http://www.novell.com/communities/node/3069/dtemailexpiredpasssh-notify-users-about-expired-passwords-email

    Works well on Linux. I customized the script a bit to do a little more
    than what it originally did.

    --
    Novell Knowledge Partner
    Enhancement Requests: http://www.novell.com/rms
  • Sounds like you are talking about the fix that was put in after myself and a few others flagged the expiry issue during beta. The fix was that mobility would now know if you're password has expired and not allow your device to connect. This fix was out before first release. Previously (in beta) as soon as your password expired your account was intruder locked due to handheld/server still authenticating.

    Obviously this doesn't help if the user changes their password but don't know they need to change it on all their devices. User education will help a lot. Increasing the number of intruder attempts helps a little in this regard. Password expiration emails as stated by others should help a lot too.
Reply
  • Sounds like you are talking about the fix that was put in after myself and a few others flagged the expiry issue during beta. The fix was that mobility would now know if you're password has expired and not allow your device to connect. This fix was out before first release. Previously (in beta) as soon as your password expired your account was intruder locked due to handheld/server still authenticating.

    Obviously this doesn't help if the user changes their password but don't know they need to change it on all their devices. User education will help a lot. Increasing the number of intruder attempts helps a little in this regard. Password expiration emails as stated by others should help a lot too.
Children
No Data