UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21. Read more.
UPDATE! The community will be go into read-only on April 19, 8am Pacific in preparation for migration on April 21.Read more.
Vice Admiral
Vice Admiral
2281 views

How does one create a user with a null password in iManager?

I'm setting up LDAP authentication and need to create a user with a null password.

If you do not put a password in the password field when creating the user in iManager, a message pops up stating, No password has been defined for this user.

You are given a choice of:
Allow user to log in without a password
- or -
Do not allow user to log in without a password

If you choose Do not allow user to log in without a password, there are no complaints.

When I look at the properties of the newly-created user, however, I note that the "Require a password" checkbox is not filled in.
That would imply that the answer to the question posed during the user's creation is moot; either answer produces a user that can log in without a password.

I can then assign the Common Proxy password policy to the user, which does not dictate a minimum length for a password.

From that point forward, any attempts to leave the password field blank in iManager results in another pop-up message stating:
"Failure to enter a password will allow the user to login without a password."

That implies that no password exists for the user, as opposed to a null password.
Is that correct or are the public and private key for the user object still generated?
Labels (2)
0 Likes
3 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

If you do not specify a password, which is what happens when you select
the 'Do not allow user to log in without a password' option initially, the
user cannot login. A user with no password (meaning no password exists at
all, similar to a 'null' in programming) cannot login with a password
because, of course, they do not have a password.

If you specify a zero-length string as the password you are effectively
(and usually) creating a proxy user, for example to be used for the LDAP
service in eDirectory, and this user can login typing in a password (since
typing would imply one or more characters) but nevertheless there IS a
password, but it happens that it is zero-length, so typing nothing for the
password IS submitting the correct password. This is the option carried
out by eDirectory when you choose, 'Allow user to log in without a
password' (the prompt is a little misleading with its "without a password"
phrase).

Once you assign a UP policy you are telling the system that there SHOULD
be a password on the user (and with common proxy there definitely should
be, probably a strong one at that) so the only option now is whether or
not the password is zero-length or longer. Obviously longer is the
correct option for security reasons.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below...
Vice Admiral
Vice Admiral

Thank you for the response, ab.

You're correct, the prompt is misleading.

The reason I specifically assigned the proxy user to the Common Proxy password policy:
I have a password policy for my organization that requires at least 6 characters in a password.
That policy is applied at the partition (o=<whatever>) level. As such, a null password violates my standard policy.

Since the Common Proxy policy does not specify a minimum password length, a null password meets the criteria of that policy and the system does not complain.
0 Likes
Absent Member.
Absent Member.

On Wed, 11 Feb 2015 23:06:02 +0000, gathagan wrote:

> I'm setting up LDAP authentication and need to create a user with a null
> password.


This gets tricky, if you have a tree-wide Universal Password policy in
place. First you create the user, with a password (which won't work for
the LDAP Proxy user), then you create a new UP policy where passwords are
disabled entirely, and assign it to the user, then you can remove the
password from the user you just created.


--
--------------------------------------------------------------------------
David Gersic dgersic_@_niu.edu
Knowledge Partner http://forums.netiq.com

Please post questions in the forums. No support provided via email.
If you find this post helpful, please click on the star below.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.