Client-side Password Changes

I have a Leopard server setup with user accounts, but no home directories. I plan on using the server for calendaring, dhcp, dns, vpn and some web applications. These web applications are configured to auth against the user's Open Directory account on the server or using LDAP against Open Directory.
How does a user change their password on the Mac OS X server?
Is there a more user friendly way to do it than having them ssh to the server and running passwd?

I am currently working on a webapp function that uses php ldap so the user can change his/her password but I am having some trouble with it. I can currently update the encoded userPassword attribute and I can see that it has been updated in the Server Admin inspector but when I try to authenticate to the Open Directory the new password doesn't work.
This leads me to believe that Leopard OD isn't using the userPassword attribute for OD authentication, can anyone confirm this??
Here is the PHP code I am using:
$encodedPass = "{SHA}" . base64_encode( pack( "H*", sha1( $pass ) ) );
$infoOPENBRACKETHERE"userPassword"CLOSEBRACKETHERE = $encodedPass;
$r = ldapmodreplace($ldapconn, "uid=".$username.",cn=users,dc=server,dc=domain,dc=com", $info);
Any help would be greatly appreciated!
Thank you very much!

Similar Messages

Password hashing on client side

Hi. I would like my users to have their passwords hashed in SHA1 at the client side when they login so that when the html form comes to the server, the password is hashed and in case if the form is being eavesdropped on , I do not need to worry about the passwords in plain since it's hashed.
I am not using SSL because there isn't much things to encrypt or hide secret other than just for the login passwords or users changing their user profile like updating their passwords. And SSL can add quite abit of cost to my client's web hosting budget.
So simply, is there anyway to hash passwords in client side using JSP before it is sent to the server ?

Not using jsp no, because JSP stands for Java SERVER Pages. Meaning that java/jsp only runs on the server.
You can do it in javascript client-side: http://www.movable-type.co.uk/scripts/sha1.html
But whats the point?
Now instead of sending what they user typed in, you send the hash of it.
If anyone is monitoring the line, they can just send the hash of it as well.
No protection is afforded you by doing this.
Hashing the password doesn't stop someone stealing it by tapping into the line.
What is DOES stop is somebody querying your database and saying "give me a list of username/passwords"

Vpn client radius ad password change

Hi
I've read a few posts about this on the forum and it seems like very few people are able to resolve the issues they are having.
I have a working remote access vpn and I'm trying to add the password-expiry functionality. I've set a test user in AD to "change password at next logon" and when I logon using this user in the vpn client (5.0.07.0410) I am prompted for a box to type my new password twice. This is never written back to the server and the original authentication box pops up again. The password change box has the codes E=648, R=0, V=3 as in the attached image.
Does anyone have this working with radius and AD? A windows password change would normally request the old password to reauthenticate and then the new password twice.
Thanks
Cammy

Cammy,
Are you using radius to authenticate the vpn session or are you using ldap which is pointing to AD for authentication? This will work with radius since you can use mschap v2, however i want to be sure how you have your ASA setup first.
Thanks,
Tarik Admani

How to encrypt username and password before transmit on client side

I want to encrypt the username and password at client side when user login to my page first and then send to server.
Could anybody tell me how to do it?
Thanks a lot.

Yup , What suggested is true...
The HTTPs authentication type is mainly for encrypting..
This is an extract from the book i have which states how you can do that...
UNDERSTANDING AUTHENTICATION MECHANISMS
HTTPS Client authentication :
HTTPS is HTTP over SSL (Secure Socket Layer). SSL is a protocol developed by
Netscape to ensure the privacy of sensitive data transmitted over the Internet. In this
mechanism, authentication is performed when the SSL connection is established
between the browser and the server. All the data is transmitted in the encrypted form
using public-key cryptography, which is handled by the browser and the servlet container
in a manner that is transparent to the servlet developers. The exam doesn�t
require you to know the details of this mechanism.
Advantages
The advantages of HTTPS Client authentication are
� It is the most secure of the four types.
� All the commonly used browsers support it.
1 Actually, instead of the password, an MD5 digest of the password is sent. Please refer to RFC 1321 for
more information.
Disadvantages
The disadvantages of HTTPS Client authentication are
� It requires a certificate from a certification authority, such as VeriSign.
� It is costly to implement and maintain.

Changing db2 sid password

Hi,
Recently i just changed db2<sid> password in AIX using passwd command and also i changed the password in r/3 (tcode dbacockpit under database connection)
After that i looked at the etc/security/failedlogin file and i saw a lot of db2<sid> entries.
Can anyone enlighten me which part i have missed out or done wrongly?
Thanks a million

Hi,
Changing the db2<sid> password will not require the
update of other users or any other change to reflect the changed
password. which would be needed if you change the passwords of
<sid>adm and sap<sid> (these would need to be updated via dscdb6up)
But if you change the db2<sid> password
it will not affect the running of the SAP instance as SAP
does not use this user to connect.
Do you see alot of entries in the db2diag.log of
Password validation for user db2<sid> failed with rc = -2146500507
validation for user db2<sid> failed with rc = -2146500507 in the
db2diag.log file means that the "Password does not belong with
specified user id" after DB2 SERVER password was changed for instance
owner.
It will not harm the system but some user or script is still using the
old password to connect and it generating this entry. It would be very difficult
to track down exactly what is tyring to connect as it is not an SAP application.
regards,
Paul

I needed to change the SAPService SID password for security reasons

Hello Basis,
How do I change the SAPService<SID> password at the windows level.
Thanks in advance,
David

got it.

Customizing Oracle Web Access Client password change

We need to turn off the built in Password Change feature in the Oracle Web Access Client of Collaboration Suite or, an even better option, redirect it to our custom built change password application. It appears in the client under Preferences in the same pop-up window as General and Time Zone. We've been poking around in the file structure and trying to find what renders this page. Can anyone offer any help?
Thanks.
Troy

Hello,
You can't do that in WAC but in the Webmail interface > Preferences > Account > Folders you can set this for Oracle Mail.
Hope it helps.
Irina

Need to change IP address of printer on CLIENT side.

I'm connected to a network printer (HP 4200 laser) and it's been working just fine. Then the boys in IT changed its static IP address. I need to go into my configuration for this printer and change the IP address so that my Macbook Air (10.9.4) can find this printer. But I can see no other way to change the IP address than to delete the printer and reconfigure it all over again. Is that right? It can't be right. What am I missing? The best I can seem to do is to "Open Print Queue" and then click "Settings" but this is all I'm seeing. There is no way to change the destination IP address on the client side.

MrHoffman wrote:
Why aren't your network people using DNS to name the printer? If they change DNS, then the printer should resolve automatically.
What a comedian! It was just the other day that I went through a few programs at work and replaced the DNS name with a hard-coded IP address. It seems they are moving the service to a new machine and this is part of their migration strategy. I can't argue with logic like that.

Solaris 10 - ldap client - tls/ssl - password change

we have configured solaris 10 as a ldap client to sun directory server 6.3.1, on enabling tls:simple, password change operation is just failing with following error message.
passwd -r user1
passwd: Changing password for user1
passwd: Sorry, wrong passwd
Permission denied
where user1 is just in ldap and not in unix local. this function works if the authentication mechanism is just simple, but on enabling tls:simple, we get the error message.
any ideas will be highly appreciated.

Not that it helps any but I am getting his same error. I am also using 6.3.1

Retrieve client side changes using componet binding

I have a selectBooleanCheckbox in my jsp bound to a HtmlSelectBooleanCheckbox.
On client side I have a js function that enable/disable the checkbox, I would like to know if is possible to get the client (changed) value by the component reference in my backbean.
How can I set the client "disable" attribute value in the server component on submit?

Not possible. That isn't been sent to the server as a request parameter. Best what you can do is to pass it along as a hidden input parameter, or to live with a cycle to the server on click.

How to handle password changes if we implement singlesignon between BO& BI7

Hi,
As we know ,we can implement single signon between BO and SAP BI 7, by importing roles and users through CMC and by selecting the option "Use Single signon during report refresh time".
My doubt here is, When we import roles from SAP and Auto import the users, is it only the SAP usernames that are stored in BO repository or both username and password. If second case holds true then how to handle/manage password change for a user who is already imported in BO sometime back?
Would the password changes be reflected automatically in BO?
Please guide me if you think that I'm thinking in a wrong direction.

Hi Naresh,
password changes are reflected automatically in BO. BO just forwards the data to the SAP side and it does the real authentification.
Regards,
Stratos
PS: Keep in mind that you cannot change the SAP password on the BO login screen if your SAP password has expired. You have to do this with the SAP client (SAP GUI)

ACS 5.3 UCP Password Change

Hi at all,
i have a Problem with the UCP Webside Password Change.
The Side is running without Problem. A Password Change for the normal User is also o.k.
Here me Problem.
I will use this Side also for our Admins to Change here Password but this User has also a Enable Password.
Is it Possible to Change also this Password with the UCP Webside?
Thanks for help.
regards
Andreas

Hey Tushar,
That is our current setup. Right now each user logs in with their AD credentials to get into user exec mode and the same password to get into privileged exec mode. I would like to have a user login with their normal AD credentials to get into user exec mode and a different password (specific to each user, not locally on the device) to login to privileged exec mode. We are doing this for security reasons. Hopefully that clarifys what I'm trying to do.
Thanks

Client side event for h:outputText... and other JSF component

Hello friends...
I need client side (to use Java script ) event for change in <h:outputText /> or <h:inputText...>.
I want to open a popup window when there is a change in there. I donot want to use onblur() for this. Is there any thing for achiev it.
Thanks.
Regard
Roshan Lal ( I don't know why there is "DOG" display in LIST )
:-)

Hi Jacek,
Unfortunately I think you may be stuck extending Renderer. Another possibility is creating your component via a template, which will be available in JSF 2.0. However, as JSF 2.0 won't be out for a while... you can use JSFTemplating in the meantime:
http://java.sun.com/developer/technicalArticles/J2EE/jsf_templating/
http://www.theserverside.com/tt/articles/article.tss?l=JSFTemplateComponent
Good luck!
Ken Paulsen
https://jsftemplating.dev.java.net

How to implement Force password change during authentication

Description of problem
Our client requires web applications to support its internal security policy beyond
normal authentication. This includes:
- force password change periodically. This should be performed at logon time.
- maintain password history so that a new password would not repeat any of its
previous 15 changes.
We already have an authentication server that satisfy these requirements. However,
we would also like to base our solution on WebLogic security framework so that
we can leverage the benefit of the container-managed declarative security (e.g.
we don't need to use our special cookie to check whether a user is authenticated
for every web page in the application). So the best scenario for us is to wrap
up this authentication server using WLS 7.0 authentication SSPI.
My initial investigation of WLS 7.0 security framework (based on edocs and the
sample customer security provider codes) convinced me that overall, this is achievable.
However, I am still left with quite a few questions, which I would like to get
your help.
Questions:
1. (web container) The J2EE-standard container-based authentication is to specify
<login-config> element. My understanding is that only FORM based authentication
is applicable. The specified form elements:
<form method="post" action="j_security_check">
<INPUT TYPE="TEXT" NAME="j_username">
<INPUT TYPE= "password" NAME="j_password">
</form>
is adequate for authentication. However, if the authentication service provider
indicates that password change is needed, what would be the most appropriate way
within WebLogic for the authentication service provider to pass such a flag to
the web container know so that our application can access it? I guess, a simpler
question, would be, using the standard <login-config>, webapp knows only about
authentication fails or succeeds. Can it possibly know more information provided
by the authentication service provider right after authentication?
2) If we don't use standard FORM-based authentication, we will code up our own
authentication control, which could give us a lot more flexibility, but can we
then bind our Subject obtained through our authentication control to the WebLogic
Subject that is running the webapp.
3) (Authentication service provider) Our design is for the custom LoginModule
to delegate login calls to the authentication server, and throws more refined
exceptions such as: FailedLoginException, PasswordExpiredException, UserAccountLockedException
(all subclassed from LoginException). Another approach is to provide detailed
information such as password expired in callbacks. Either way, when Authentication
service provider returns, how our web application can access this refined flag
of authentication result.
4) Can our customer authentication service provider use DataSource defined in
a weblogic server? I ask this question because DataSource itself is a protected
resource of WebLogic. Will referencing it during authentication initiate another
authentication cycle?
Can anyone who has experienced similar requirements and worked solutions please
give me a hint? I appreciate your guidance.
regards
Licheng

"Licheng" == Licheng <[email protected]> writes:
Licheng> Description of problem
Licheng> Our client requires web applications to support its internal security policy beyond
Licheng> normal authentication. This includes:
Licheng> - force password change periodically. This should be performed at logon time.
Licheng> - maintain password history so that a new password would not repeat any of its
Licheng> previous 15 changes.
Licheng> ..
Licheng> We already have an authentication server that satisfy these requirements. However,
Licheng> we would also like to base our solution on WebLogic security framework so that
Licheng> we can leverage the benefit of the container-managed declarative security (e.g.
Licheng> we don't need to use our special cookie to check whether a user is authenticated
Licheng> for every web page in the application). So the best scenario for us is to wrap
Licheng> up this authentication server using WLS 7.0 authentication SSPI.
I believe it's impractical to fit the requirement of forcing a password change
into the standard JAAS interface.
I think the only practical way to do this is to implement a servlet filter that
reads the persistent record of the logged-in user to check for a "force change
password flag". If it finds this, the servlet filter will forward to a page to
change your password. Note that the servlet filter may be hit again when
trying to get to the change password page, so it needs to know to not do the
check in that case.
If you implement this, I would strongly urge you to softcode the "change
password" page URL in your system configuration, and not hardcode it in the
servlet filter.
===================================================================
David M. Karr ; Java/J2EE/XML/Unix/C++
[email protected] ; SCJP; SCWCD

Save report on client side in three tier architecture

Hi,
We have a 3 tier 10g R2 Application server installed on Unix.
We want to generate and save report directly to a location on client machine.
But when we try to do that report is saved in server and not on client machine.
Can anyone help in this regard?
Av.

Hi,
We are aware of this method, but this is causing following problems to us -
1. Report name concurrency, we will have to change existing coding to a large extent to make sure same report when generated by different users should have seperate names so that there is no conflict.
2. To transfer to client machine there can be access right issues, though we have not tested this aspect.
So was thinking if there is any other way through wich we can directly save the report on client side rather than transfering file between AS and client?

Client-side Password Changes

Similar Messages

Maybe you are looking for