iliadmin1 Absent Member.
Absent Member.
456 views

Set No Expiration for Password on existing Account

Have one account that is used to sync/auth between Mobility and Groupwise and to login to the mobility admin portal. It used to be before I upgraded my Groupwise systems and added a new eDirectory server that the password never expired. Now it does, and that causes quite a bit of problems. It has a strong password set (min 15 characters) and I want to ensure it never expires, as it was before. How do I make that change and make it stick? I've tried it before, and for some reason it keeps reverting. I have eDirectory 9.1 on an OES 2018 server (master) and eDirectory 8.8.8 sp8 on an OES 11 server (replica). I make the change on the Master.

Kind regards,

Val

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
Labels (1)
0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: Set No Expiration for Password on existing Account

You are probably using Universal Password (UP), and some change is causing
your authentications to use NMAS (upon which UP is based). While the
legacy NDS password attributes still exist and can be used to some extent,
the UP policies trump them when it involves preventing lax security, so
you cannot set a password to expire later than the policy will allow.

If this all seems likely, create a new UP policy with an appropriate name
and set it to have non-expiring passwords . Apply it directly to your
user, and then you should either be able to set the expiration way into
the future, or you can set it one more time and it will no longer expire.

On a side note, if you really are not using this password interactively
(meaning humans are not typing it in regularly, but instead computers are
using it like a token of some sort), then I'd probably make it a bit
bigger than just fifteen (15) characters. That's a fine start, but I have
real passwords that I use which are that long, and random, and memorized.
For anything I do not type in I use at least sixty-four (64) characters
because, well, why not? If you want a random one you can get it directly
from the machine:


openssl rand -base64 48


--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
0 Likes
iliadmin1 Absent Member.
Absent Member.

Re: Set No Expiration for Password on existing Account

Thanks, ab, I'll give a new UP a shot. The password is randomly generated at 22 characters (already using a password generator) with a hex 128 bit key so yeah, it can go higher. I didn't think I could get something over 32 characters to be accepted, so now I know! 🙂

Kind regards,

Val

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
0 Likes
Knowledge Partner
Knowledge Partner

Re: Set No Expiration for Password on existing Account

On 02/25/2019 12:04 PM, iliadmin wrote:
>
> Thanks, ab, I'll give a new UP a shot. The password is randomly
> generated at 22 characters (already using a password generator) with a
> hex 128 bit key so yeah, it can go higher. I didn't think I could get
> something over 32 characters to be accepted, so now I know! 🙂


You can get to at least 127 character. The last I heard, there was a
hard-coded limit at or above 128 characters with UP because of an old,
obsolete LDAP RFC that prohibited longer passwords. Thankfully, that's
obsolete, so hopefully the restriction is gone, or will be soon.

--
Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.
iliadmin1 Absent Member.
Absent Member.

Re: Set No Expiration for Password on existing Account

Just following up....Worked like a charm! thanks again for the help!

Val

GW 2018 & Mobility Service-Version: 18.1.0 Build: 410 on SLES 12SP3, GW Client 18.02 (Build 131493) on Windows 7 64bit; server OES 11 on SLES 11 SP3; eDirectory 9.1 on SLES12SP3 and eDirectory 8.8sp8 on SLES11 SP3
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.