Commodore

Question about expired passwords

I have a question for my understanding:

I assign a user a password policy that forces a password change and thus causes a user's password to be expired; if I then, before the user changes the password, assign another policy, which has no setting to force password changes - is the password still expired? According to my testing it seems to be so. But I don't really understand how it works: does eDirectory set a flag somewhere to mark that password expired? Is it not a process that computes the expiration status on every login?

Accepted Solutions
Knowledge Partner

This is covered pretty well here

https://support.microfocus.com/kb/doc.php?id=7016942

If you like it: like it.

Commodore

Thanks a lot, that clarifies it.

I did look for an attribute like "Password Expiration Time" and did not find it. Obviously this attribute is not shown in iManager's "Other" tab, because it's shown under "Force periodic password changes" even if this is disabled. So, if there is a value there, then the password will expire, regardless if "Force periodic password changes" is enabled or not, right? And enabling this, "Apply", and again disabling it will get rid of the "Password Expiration Time" for this user.

And the attribute is visible via LDAP of course - I should have looked there before, sometimes iManager is misleading.

Thanks for helping to sort this out!

Knowledge Partner

AFAIK, this is the behaviour on current code (it's been different in the past). Other restrictions would still apply, though. So imagine user1 with an expired password (six digits long). You assign him a "non-expiring" policy with a minimum length of 8 and compliance check enabled, tick and untick "force periodic changes". In this case he'll still get the "password expired" prompt (due to insufficient password length).

If you like it: like it.
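
The replies above conclude that expiry follows the value stored on the user object rather than the policy checkbox, so an audit has to read that value per user. The sketch below is an added example, not code from any poster or from the vendor: it reads an LDIF export and classifies each entry by its stored expiry. It assumes the attribute's LDAP name is `passwordExpirationTime` and that values are UTC generalized time; the DNs and timestamps are constructed.

```python
from datetime import datetime, timezone
# Constructed LDIF; DNs, timestamps and the attribute name are assumptions.
SAMPLE_LDIF = """\
dn: cn=user1,ou=users,o=example
passwordExpirationTime: 20200101000000Z

dn: cn=user2,ou=users,o=example
passwordExpirationTime: 20991231235959Z

dn: cn=user3,ou=users,o=example

dn: cn=user4,ou=contractors,ou=users,
 o=example
passwordExpirationTime: 20200101000000Z
"""

def parse_ldif(text):
    """Return one {attribute_lowercase: [values]} dict per LDIF entry."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]            # folded continuation line
        else:
            unfolded.append(raw)
    entries, current = [], {}
    for line in unfolded + [""]:               # trailing "" flushes the last entry
        if not line.strip():
            if current:
                entries.append(current)
            current = {}
        elif not line.startswith("#"):         # skip LDIF comment lines
            attr, _, value = line.partition(":")
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def stored_expiry_status(entries, now):
    """Map each DN to 'expired', 'valid' or 'no stored expiry' (UTC values assumed)."""
    report = {}
    for entry in entries:
        stamps = entry.get("passwordexpirationtime")
        if not stamps:
            report[entry["dn"][0]] = "no stored expiry"
            continue
        expires = datetime.strptime(stamps[0], "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
        report[entry["dn"][0]] = "expired" if expires <= now else "valid"
    return report

if __name__ == "__main__":
    print(stored_expiry_status(parse_ldif(SAMPLE_LDIF), datetime.now(timezone.utc)))
```

Base64-encoded values (`attr:: ...`) are not decoded here; an export containing non-ASCII DNs would need that added.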