booktrunk1 Absent Member.
Absent Member.
605 views

OES15 Password Policies

Hi.

We have a global default password policy configured under iManager. If I increase the minimum password length for our Groups Default Password Policy will all users get told they need to change their password to match the new minimum length, or would it just effect them the next time their password expires, and they need to change it.

The reason I am asking is that :-

I'm hoping to increase the minimum length without it causing any issues or any problems for users, but then once changed I will then expire our users passwords in groups and they i'm hoping would then need to comply with the increased password length.
Labels (2)
0 Likes
5 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: OES15 Password Policies

On 04/03/2018 07:44 AM, booktrunk wrote:
>
> We have a global default password policy configured under iManager. If
> I increase the minimum password length for our Groups Default Password
> Policy will all users get told they need to change their password to
> match the new minimum length, or would it just effect them the next time
> their password expires, and they need to change it.


I presume you are using Universal Password (UP) so the default with UP
policies is that the checkbox labeled "Verify existing passwords comply
with password policy" is NOT checked. For things like complexity,
character requirements, etc., the result is that during a normal, happens
a million times per day, boring login the system will NOT verify the
existing password matches the policy, under the assumption that the
password matched the policy when it was last set and accepted. Unless you
have checked that checkbox, you should be fine.

Of course, you should test this before impacting all users, ideally in a
test environment that somewhat matches Production. Alternatively, you can
duplicate your current password policy (I would do so via LDAP
personally), assign the new policy to a test user (yours perhaps), be sure
you see no changes despite trying to login a few times in a few ways, and
then change this new policy, which is assigned just to your user, so that
it has the complexity change. Test a bit more. UP takes the
most-specifically/granularly assigned policy first, so anything assigned
directly to a (in this case, test) user will override any other
generally-applied policies, ideal for every situation.

Also note that I believe this only applies for password complexity,,where
password age/lifetime is calculated at login time so that WOULD likely
cause an immediate need for not-recently-enough-changed-passwords to be
reset right away. That is not what you are asking about, but I thought I
would mention how I think it works just in case that ever comes up, even
though short password lifetimes is usually abused causing many more
security issues than they remove.

> I'm hoping to increase the minimum length without it causing any issues
> or any problems for users, but then once changed I will then expire our
> users passwords in groups and they i'm hoping would then need to comply
> with the increased password length.


A business case! Thank-you for providing this, as it helps better answer
questions.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: OES15 Password Policies

Thanks.

I've created a new policy and yep i'm in it. It worked sort of but didn't ask me at all to change my windows password which is going to be a right pain... Maybe it's just because i've got a slightly funky user and don't have the novell client at login, but on Windows 10 it seems to auto try to login with the windows password which usually is the same as our eDirectory password, and that seems to have fun and games. As it's logging in as the old one and trying to talk to the network whilst you have the box up asking you for your new longer password. 🙂
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: OES15 Password Policies

On 04/03/2018 09:44 AM, booktrunk wrote:
>
> I've created a new policy and yep i'm in it. It worked sort of but
> didn't ask me at all to change my windows password which is going to be
> a right pain... Maybe it's just because i've got a slightly funky user
> and don't have the novell client at login, but on Windows 10 it seems to
> auto try to login with the windows password which usually is the same as
> our eDirectory password, and that seems to have fun and games. As it's
> logging in as the old one and trying to talk to the network whilst you
> have the box up asking you for your new longer password. 🙂


I am not sure if this means it is working, or if something else can be
done. If you do not have the OES (formerly Novell) Client for windows,
then when you login you may not be using eDirectory at all. Perhaps you
are, but then how is that happening? That could make sense if you are
using Domain Services for Windows (DSfW) or if you are somehow mapping a
SMB volume at login time.

If you do have the OES client when you login then normally the same
password will be used both against the OES side of things as well (by
default) as the windows side, whether that's the local system only, or a
microsoft active directory (MAD) environment, or something else. If the
passwords are ont the same, whichever does not authenticate will typically
prompt you to correct things, stopping the login process until it is resolved.

You may want to build a VM or something where you can test how things work
for the majority of the populations; administrators often have different
rules (password policies, workstation setups, second factor, etc.) so our
own machines and users may not be ideal for this kind of test.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
booktrunk1 Absent Member.
Absent Member.

Re: OES15 Password Policies

It's a laptop and I log into windows and then oes so i changed the client to not appear on the windows login. So in the OES Client it has Computer Only Login "On" but in Windows 10 it seems to try to login to oes even thought it's meant to be logging into windows only. Then manually logging into OES by clicking on the client.
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: OES15 Password Policies

Ah, I see. Well in that case it explains why there may be issues with the
passwords being inconsistent. Perhaps you could set your windows password
at the same time so that it is a bit more like other systems. Otherwise
it sounds like things are working as expected without immediate password
changes being forced on you..

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.