Change password issue

Similar Messages

• Jython having issue importing weblogic modules for changing passwords

  I am trying to import some WLST modules into a Jython script as outline in the documentation at http://e-docs.bea.com/wls/docs92/config_scripting/config_WLS.html#wp1019971
  The strange thing is that it says it is a WLST script, but it appears to be a Jython script. I tried performing this import using WLST interactive mode, but this did not work.
  I am passing the passwords as encrypted strings while using the encrypt() function
  Here is the script:
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  #To be invoked by java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython
  #usage: wlst.sh ResetWLPassword.py <current_pass> <user> <new_pass> <adminServerURL>
  #{3DES}/asdfadsf== -
  #{3DES}asdfafdsadsf== -
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect('weblogic',myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  atnr.changeUserPassword(myUser,myuser,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  I am receiving the following error message:
  java -cp /usr/local/bea/wlserver_10.0/common/lib/jython.jar org.python.util.jython /tmp/ResetWLPassword.py "{3DES}/adsfadsfadsf==" weblogic "{3DES}asdfadsfasd== " t3://localhost:7003
  sys-package-mgr: can't create package cache dir, '/usr/local/bea/wlserver_10.0/common/lib/cachedir/packages'
  Traceback (innermost last):
  File "/tmp/ResetWLPassword.py", line 2, in ?
  ImportError: No module named management

  blumo wrote:
  You are calling org.python.util.jython again instead of weblogic.WLST like I advised in my first post. Invoke WLST (not jython) and pass your values in cleartext. Like I said in my previous post, I was able to execute your script without issue when calling WLST and passing cleartext values (I did have to modify one line to due a bug in your script -- see my prior posts).This seems to work in terms of getting the code to run, but there is still a problem with passing the arguments to the changeUserPassword() method.
  I entered the sequence of commands in the script manually into WLST and it works without issue. It even works without the import, which is strange that Oracle includes it in their documentation.
  I am going to post the code here, perhaps there is something wrong syntax-wise with the way I am authenticating, but I can't put my finger on it.
  import sys
  from weblogic.management.security.authentication import UserPasswordEditorMBean
  myPass = sys.argv[1]
  myUser = sys.argv[2]
  newPass = sys.argv[3]
  adminServerURL = sys.argv[4]
  #Connect
  try:
  connect(myUser,myPass,adminServerURL)
  except:
  print "Could not connect using supplied credentials"
  dumpStack()
  try:
  print "Changing password ..."
  atnr=cmo.getSecurityConfiguration().getDefaultRealm().lookupAuthenticationProvider("DefaultAuthenticator")
  #atnr.changeUserPassword('weblogic','weblogic','12345678')
  atnr.changeUserPassword(myUser,myPass,newPass)
  print "Changed password successfully"
  except:
  print "Password change failed"
  dumpStack()
  throws:
  Connecting to t3://localhost:7003 with userid weblogic ...
  This Exception occurred at Mon Feb 23 11:50:18 PST 2009.
  javax.naming.AuthenticationException [Root exception is java.lang.SecurityException: User: weblogic, failed to be authenticated.]
       at weblogic.jndi.internal.ExceptionTranslator.toNamingException(ExceptionTranslator.java:42)
       at weblogic.jndi.WLInitialContextFactoryDelegate.toNamingException(WLInitialContextFactoryDelegate.java:773)
       at weblogic.jndi.WLInitialContextFactoryDelegate.pushSubject(WLInitialContextFactoryDelegate.java:670)
       at weblogic.jndi.WLInitialContextFactoryDelegate.newContext(WLInitialContextFactoryDelegate.java:466)
       at weblogic.jndi.WLInitialContextFactoryDelegate.getInitialContext(WLInitialContextFactoryDelegate.java:373)
       at weblogic.jndi.Environment.getContext(Environment.java:307)
       at weblogic.jndi.Environment.getContext(Environment.java:277)
       at weblogic.jndi.WLInitialContextFactory.getInitialContext(WLInitialContextFactory.java:117)
       at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
       at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:288)
       at javax.naming.InitialContext.init(InitialContext.java:223)
       at javax.naming.InitialContext.<init>(InitialContext.java:197)
       at weblogic.management.scripting.WLSTHelper.populateInitialContext(WLSTHelper.java:498)
       at weblogic.management.scripting.WLSTHelper.initDeprecatedConnection(WLSTHelper.java:551)
       at weblogic.management.scripting.WLSTHelper.initConnections(WLSTHelper.java:303)
       at weblogic.management.scripting.WLSTHelper.connect(WLSTHelper.java:201)
       at weblogic.management.scripting.WLScriptContext.connect(WLScriptContext.java:60)
       at weblogic.management.scripting.utils.WLSTUtil.initializeOnlineWLST(WLSTUtil.java:121)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at org.python.core.PyReflectedFunction.__call__(PyReflectedFunction.java:160)
       at org.python.core.PyMethod.__call__(PyMethod.java:96)
       at org.python.core.PyObject.__call__(PyObject.java:248)
       at org.python.core.PyObject.invoke(PyObject.java:2016)
       at org.python.pycode._pyx6.connect$1(<iostream>:16)
       at org.python.pycode._pyx6.call_function(<iostream>)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyTableCode.call(PyTableCode.java:404)
       at org.python.core.PyTableCode.call(PyTableCode.java:287)
       at org.python.core.PyFunction.__call__(PyFunction.java:179)
       at org.python.pycode._pyx18.f$0(/tmp/ResetWLPassword.py:20)
       at org.python.pycode._pyx18.call_function(/tmp/ResetWLPassword.py)
       at org.python.core.PyTableCode.call(PyTableCode.java:208)
       at org.python.core.PyCode.call(PyCode.java:14)
       at org.python.core.Py.runCode(Py.java:1135)
       at org.python.util.PythonInterpreter.execfile(PythonInterpreter.java:167)
       at weblogic.management.scripting.WLST.main(WLST.java:106)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at weblogic.WLST.main(WLST.java:29)
  Caused by: java.lang.SecurityException: User: weblogic, failed to be authenticated.
       at weblogic.common.internal.RMIBootServiceImpl.authenticate(RMIBootServiceImpl.java:116)
       at weblogic.common.internal.RMIBootServiceImpl_WLSkel.invoke(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.invoke(BasicServerRef.java:589)
       at weblogic.rmi.internal.BasicServerRef$1.run(BasicServerRef.java:479)
       at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
       at weblogic.security.service.SecurityManager.runAs(Unknown Source)
       at weblogic.rmi.internal.BasicServerRef.handleRequest(BasicServerRef.java:475)
       at weblogic.rmi.internal.BasicServerRef.access$300(BasicServerRef.java:59)
       at weblogic.rmi.internal.BasicServerRef$BasicExecuteRequest.run(BasicServerRef.java:1016)
       at weblogic.work.ExecuteThread.execute(ExecuteThread.java:200)
       at weblogic.work.ExecuteThread.run(ExecuteThread.java:172)
  Could not connect using supplied credentials
  Changing password ...
  Password change failed

• IMessage issue: Changed password for my Apple ID this morning and now my iMessage is sending through my email?

  iMessage issue: Changed password for my Apple ID this morning and now my iMessage is sending through my email instead of my number and I haven't been receiving any texts through iMessage! I read the article, followed the steps, and it did not fix the problem. Help?

  Hello!
  On all of these devices, go to: Settings > iCloud and make sure they're updated with the new password. If you're talking about Macs, go to: "System Preferences > iCloud" too.

• Issue in redirecting to change password

  Hi
  I am working on IDM 7.0.I have the following requirement.
  I need to have two links in login.jsp. One for forgot userid and another for forgot password. Inorder to implement this I developed a new custom login.jsp. I have all the functionalities working fine except
  1) When the admin resets a user password,and then the user tries to login, the change password page is not displayed only the error meesage is getting displayed.
  2) When the user clicks forgot your Password link after the user answers the security question page, the change password page is not getting displayed (In system configuration I have set bypasschangepassword to false.) but instead its getting redirected to
  http://localhost:port/idm/user/login.jsp?lang=en&cntry=US&command=fromQuestion
  In login.jsp I have two input fields for username and password. On submit a new jsp is called where I retrieve the username and password and use getSession to create the session and then redirect to main.jsp.
  I am missing out some logic in my login.jsp.I would really appreciate if anyone could give me some ideas.
  Thanks,
  Vinu

  If you upgrade to v7.1 you will have all those features and more - PLUS a lot of defective pieces have been fixed in 7.1

• How to Enforce User Change Password First Time User in Release 2?

  Hi...
  We discovered in Oracle Directory Manager(in unix is oidadmin), there actualy
  column to expiry date.(the default is 60).
  We follow this notes in metalink..
  Note:176470.1 Subject: How To Pre-Expire Portal Passwords
  Even though the note is for Portal30(release1), we just wangt to try it in our Release 2...
  Extract from the note
  "3. Set the value of the column LAST_PASSWD_CHANGE_TIME in the table WWSEC_PERSON$ in SSO schema to a value older than the password expiration period (default is 90 days) before the current time (e.g. sysdate - 100) for the appropriate user(s)
  4. For example, if you have created a user called TEST
  you would issue a command such as:
  update wwsec_person$
  set LAST_PASSWD_CHANGE_TIME =sysdate-70
  where USER_NAME='TEST';
  commit; "
  But, when we try to login again in the portal, we can still login...
  So, is the function still exist in Release 2?..
  If not, why Oracle Portal throw that function away?
  Why there still columns in WWSEC_PERSON$ that maybe linked to the password problem?
  can anybody help/explain?
  Thanks....

  Rather than rehash what has already been thoroughly discussed, check this thread. This should answer your question.
  Can a user change his own password after admin has set it
  The english version of Jose Troya's blog: http://obiee101.blogspot.com/2008/08/obiee-change-password.html
  Edited by: LC143 on Aug 27, 2008 1:36 PM

• In Portal Anonymous mode - Change password option not coming- login fails

  Hi Experts,
       We are having some application which requires login in anonymous mode. When we click the application and give the user id password, it loggs in properly, there is no problem in that.
      But if the password is reset by administrator, then when entering the reset password given by admin it should ask to change the password. This is happening in normal scenario(/irj/portal), but when try the same in anonymous mode(irj/portal/anonymous) where the prompt is from the login required application, then it says login failed instead of giving the change password and confirm password screen.
  Appreciate your help in solving this issue. I hope many would have faced similar situation.
  Thanks
  Yusuf

  Hi Yusuf.
  Do you use a standard or custom login module for your application?
  More likely the used login module does not have a logic that handles such scenario as a change of user's password.
  In this case you need to implement a custom module with a required functionality.
  Best regards,
  Aliaksandr Zhukau

• Unable to change password while first logon on windows server 2008 R2 SP1 system

  Hi Team,
  Ad team has created new account for me with change password on first logon setting
  When I logged in on Windows Server 2008 r2 SP1 system with my new credentials I get a error message stating that
  "You must change your password before logging on the first time. For assistance, conatct your system administrator or technical support" 
  Concern:
  I do not get password change screen on first logon on the server. How should I change my password on first logon?

  Hi,
  I got resolution for above issue
  Run ==> type "tsconfig.msc" ==> double click "RDP-TCP" ==> change security layer to
  RDP Security layer ==> Apply ==> OK

• ITunes is updated and works fine and I am able to log onto my account. When I go to purchase a song, I get the error message "Your Apple ID has been disabled". I've tried different methods: changing passwords, making a new account with another email addre

  iTunes is updated and works fine and I am able to log onto my account. When I go to purchase a song, I get the error message "Your Apple ID has been disabled". I've tried different methods: changing passwords, making a new account with another email address, and emailing itunes tech support. I am curious as to how many others have been experiencing the same issue. When I googled the error, it seemed like it was happening extremely often with many people.
  We all love their products, but they always come with a lot of issues and horrible customer support.
  My apple Id is [email protected]

  My Iphone 4 is telling me the same thing and I believe I figured out what the problem is.  I had some fraudulent charges on my itunes account, so I call my bank and disputed the charges.  Right after I did that, I started getting the message "Your apple ID has been disabled."  I just realized today that the charges are not fraudulent, they are "in app purchases."  One of my daughters downloaded the game Top Girl which is FREE, but in the game Top Girl you use money in the game to purchase things.  It just so happens that the money you use to purchase things is real money MY Money!!!.  My daughter thought she was using play money in the game and had no idea she was using real money.  She spent $106.00 buying stuff.  Now I have to call the bank and tell them to release the hold and pay Itunes.  I'm hoping this solves the problem.  Here is the link to learn how to disable "in app purchase" on your iphone or ipad.
  http://www.ikidapps.com/2010/12/parents-avoid-accidental-app-purchases-how-to-tu rn-off-in-app-purchasing.html

• Change Password in OBIEE 11.1.1.6.2

  Hi All,
  We are giving facility to the end users to change the respective password by logging into BI Publisher 11.1.1.6.2 where the Password Change Mechanism has been provided.So when the user change the password in Publisher then the same change will be reflected in OBIEE also.
  Now we have defined some rules for setting the password on Web-logic Console.SO when you try to change the password that rules should be applied while changing the password.
  Issue is that when you try to change the password in BI Publisher the rules are not getting applied.
  any help in this regard.

  Hi,
  I suggesting you better to go with LDAP athunthication. password changes everthing will be taking care by u r domain ctlr. no more option user to change password in obiee11g. the workaround i too tried it but its required couldn't completed its required webservices and j2ee/.net apexternal application code need to check it u r application code development team.drop me your email i can send my code.after getting this code u need to convert webservices and need to get discriptor jar/war file then need to deployit wia weblogic console.after theat JMX java bean need to run it
  In obiee11g users/roles are taking care by FMW.
  for the LDAP confuguration steps
  http://obieedue.blogspot.com/2012/01/obiee11g-integration-with-ldap-and.html
  Thanks
  Deva

• I am getting a Changing Password Failed error when I try to join an active directory

  I had a working AD configuration under Snow Leopard. When I upgraded to Mountain Lion, my account was no longer in sync with the domain. I got the red dot on the login screen and my domain password was out of sync. I unhooked from the domain at that point. This was several months ago.
  However, over the last few weeks, I keep finding myself locked out of the domain. I suspect it's something on my Mac that is trying to use my old credentials. I was hoping to rejoin the domain and see if I could get my account back in sync. When I get a domain admin to enter his password on the Directory Utility join screen, it first notes that the computer account already exists in the domain. I tell it to continue, but I can't get past this point:
  2013-06-24 14:21:20.729935 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - Computer account either already exists or DC is already Read/Write
  2013-06-24 14:21:20.732774 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - existing record found 'CN=MYMACHINE,OU=Default,OU=Workstations,OU=MyCity,OU=North America,DC=GLOBAL,DC=OURCORP,DC=NET'
  2013-06-24 14:21:20.732822 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - switching to cache 'MEMORY:0x7faef36ed770'
  2013-06-24 14:21:20.733141 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Trying to find service kdc for realm GLOBAL.OURCORP.NET flags 2
  2013-06-24 14:21:20.734196 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to 12
  2013-06-24 14:21:20.734221 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to host: tcp 10.22.94.212:kerberos (1.2.3.4)
  2013-06-24 14:21:20.741380 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - host completed: tcp 10.22.94.212:kerberos (1.2.3.4)
  2013-06-24 14:21:20.741416 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - krb5_sendto_context done: 0
  2013-06-24 14:21:20.741619 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - trying to set password
  2013-06-24 14:21:20.741637 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - trying to set password using: MS set password in realm GLOBAL.OURCORP.NET
  2013-06-24 14:21:20.741648 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - using TCP since the ticket is large: 1560
  2013-06-24 14:21:20.741665 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Trying to find service change_password for realm GLOBAL.OURCORP.NET flags 2
  2013-06-24 14:21:20.742867 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to 12
  2013-06-24 14:21:20.742908 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - connecting to host: tcp 10.22.94.212:kpasswd (1.2.3.4)
  2013-06-24 14:21:20.745231 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - host completed: tcp 10.22.94.212:kpasswd (1.2.3.4)
  2013-06-24 14:21:20.745250 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - krb5_sendto_context done: 0
  2013-06-24 14:21:20.745398 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - set password using MS set password returned: 0 result_code 3
  2013-06-24 14:21:20.745417 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - krb5_credential - Changing password failed for '[email protected]' with error '' (3)
  2013-06-24 14:21:20.745426 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - setting Computer Password FAILED for existing record - 5103
  2013-06-24 14:21:20.745818 EDT - 4934.65016, Node: /Active Directory, Module: ActiveDirectory - ODNodeCustomCall failed with error 'Credential operation failed' (5103)

  Reggierror,
  Had the same issue and discovered that I made my AD object name too long (16 instead of 15 character which is the limit) You might want to try making the computer object name shorter if you can.

• Change Password Screen error in - External Facing Portal

  HI,
  We have developed an external facing portal for anonymous users and the EFP has protected content which will redirect the users to enter logon information to access it.
  The process of authentication also working well in EFP but we are getting some strange error when the password was "reset' by administrator.
  Here is the process...
  1. Password 'reset" by administrator
  2. user clicks on "protected content"
  3. Logon screen displayed
  4. After entering details, should be redirected to change their password but instead of that we are getting "Java iView Runtime error"
  I need expert views on this to solve.
  This is happening only when accessing EFP, user will be redirecting successfully to change password screen when accessing through "/irj/portal"
  Any solution.
  Thanks
  MMK

  Here is the scenario ..
  1. User's password was reset by administrator.
  **That's fine.
  2. User gets redirected to change their password when logging (first time after reset) ... when accessing via .. http://<server>:<port>/irj/portal
  **That's ok too, this is just a redirection.  At this point I would be doing https for external customers though.
  3. Occured "Java Ivew run time error" when the user trying to login from External Facing Portal ... via .. http://<server>:<port>/irj/portal/anonymous?guest_user=partners
  **At this point you will have to look at your .trc log files. (logviewer)   If this is just an access denied issue then look at permissions in the roles or groups.  If you are assigning a new password, is that effecting a group or system membership?  The .trc files will give a heads up.

• Windows 8.1 cannot change password in Windows 2003 domain level domain

  On several installations of windows 8.1 enterprise, users cannot change passwords by using <ctrl> + <al> + <del> keys and choosing change password. 
  The error is: "The security database on the server does not have a computer account for this workstation trust relationship"
  Fresh Windows 8.1 enterprise installs with no patches to fully patched windows 8.1 enterprise workstations have the problem.  Backed out patches one by one and tested password change without success.  Tried various dell laptops, tablets, and workstations
  but same issue.  Tried VMware guest workstation with windows 8.1 enterprise.  The domain functional level is 2003 with a mixture of Windows 2008 R2 DC's and Windows 2003 DC's.
  The add/remove from domain did not help.  What troubleshooting steps should I take from this point?  Is this related to secure channel failures?  Note: did not find event log entries for the failures in the DC's nor on the workstation. 
  Perhaps I did not search  for the proper entry on the DC's.

  Hi,
  Please find below several possible cause of error “The security database on the server does
  not have a computer account for this workstation trust relationship”
  Secure channel is broken (Can fix by rejoin problematic client to domain)
  AD replication issue. The computer account exists on one domain controller but not others.
  Duplicated SPN (seems not possible)
  So, to narrow down the issue, you need to make sure the AD replication is working fine. Please run command
  repadmin /showrepl * on a DC, then post the result here.
  After that, please run
  set l on a problematic client, then post the result here.
  Moreover, please check on system event log and check if there have any related error of the issue.
  Thanks.

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• ISE 1.1 'Change password on next logon' fails on iPhone / iPad

  Hello -
  We're in the process of implementing an ISE 1.1 server for Guest Wireless Access / BYOD at our company and ran into an issue with authenticating from iPhones / iPads when the account is set with 'change password on next logon' (it's a local account created on the ISE server - not AD). It fails and displays 'unable to join network' on the iPhone. The ISE log shows a '5411: No response received in 120 seconds'. We're able to authenticate from Windows devices and are prompted to change the password during the authentication process. Has anyone else encountered this? If we uncheck the 'change password' box we can authenticate from iPhones & iPads without any issue but we need to have a way for users to set their own password.
  Thanks!
  Bill

  Hi,
  I am encountering the exact same issue in our lab environment, but with AD accounts (We would like customers to be able and connect to the dot1x network with their AD credentials, and based on machine authentication they will or will not get restricted access).
  Just to be clear: the change password functionality works perfect on laptops, but on ipad/android we just cannot connect to the dot1x (PEAP) network when the "change password on next login" checkbox is on.
  Anyone else who can shed some light on this?
  Thanks
  Tom

• TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

  Hi,
   I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
  My setup is as follows:
  outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
  inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
  password is selected in the publishing rules.
  Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
  I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
  set in AD.
  If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
  and change my password using the correct URL. However if I point my browser at
  http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
  The only recent changes made are:
  - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
  - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
  Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
  I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
  http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
  If I try to use ldp.exe on the inner TMG, I get the error in the pic below
  Thanks
  IT Support/Everything

  Hi,
  You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
  TMG 2010 – FBA, troubleshooting the change password feature 
  http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
  Best Regards,
  Joyce