Communication user is not requested change password
Hi
We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
How can this be? Shouldn't communication users be forced to change the password?
In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
Thank you for your help.
Regards, Morten
>
Morten Ellgaard wrote:
> Hi
>
> We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
>
> How can this be? Shouldn't communication users be forced to change the password?
>
> In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
>
> Thank you for your help.
>
> Regards, Morten
Well, that's a common misunderstanding:
accounts of type "COMMUNICATION user" are subject of password expiration - however the password change requirement is not enforced (since the server cannot interact with the user). Actually that's not mainly caused by the user type but by the communication protocol being used: RFC and HTTP allow both, interactive and non-interactive system usage. Only the DIAG protocol (used by SAPGUI) ensures that an interaction with the user is possible - and in this case the system is enforcing a password change (when required).
Note 622464 provides an overview on the user types and the ability / requirement to change passwords (and other impacts).
Side-remark: modifying the USR02 field would not have any impact on the password change handling (beside the fact that such direct table manipulations are risky and strongly discouraged).
As reported by other SDN community members (and stated in note 320991, quite at the end) there are some profile parameters that will cause RFC and HTTP based logon to fail for passwords which are expired / initial. Setting those profile parameters will result in a downwards-incompatible system behavior - for this reason the default setting is "off".
Indeed, if you intend to use "technical accounts" for (automated) system-to-system communication, then kindly use the user type "SYSTEM". In that case, the password is neither "expired" nor "initial" - no password change is required nor can it be performed by the SYSTEM user itself. Only an user administrator can set a new password (in systems as of NWAS 7.0: even a downwards-compatible one - despite the password policy, see notes referenced by note 622464).
Similar Messages
-
Hi all
I am trying to connect hana using jdbc code
here is my code
Class.forName("com.sap.db.jdbc.Driver");
String url = "jdbc:sap://host:30015/?";
String user = "Mujadid";
String password = "Cloud123";
System.out.println("try to connect to HANA !");
Connection cn = java.sql.DriverManager.getConnection(url, user, password);
System.out.println("Connection to HANA successful!");
ResultSet rs = cn.createStatement().executeQuery("select * from _SYS_STATISTICS.STATISTICS_ALERTS");
rs.next();
System.out.println(rs.getString(1));
I am facing following exception
com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [414]: user is forced to change password: alter password required for user MUJADID
at com.sap.db.jdbc.exceptions.SQLExceptionSapDB.createException(SQLExceptionSapDB.java:345)
Any suggestion?Hi Mathan!
now above error is esolved
But i m facing following error when i try to read connections table from live2 schema
com.sap.db.jdbc.exceptions.JDBCDriverException: SAP DBTech JDBC: [259] (at 20): invalid table name: Could not find table/view CONNECTIONS in schema LIVE2
and this table exist in LIVE2 schema
Any suggestion? -
How can I give an user the right to change passwords
I'm still absolute server beginner, so I have to ask here.
How can I give users the right to change passwords or to view calendars?
I didn't find it, yet.
I've found an option to change rights, when I click on the user with two fingers (right mouse button). But all options in this menue are grey.Hi Holger,
These are two fundamentally different issues. I'll try to address them each. For both you will need to have OpenDirectory set up (see the Users Next Steps list in the Server app). Once that is done. Additionally you will need the Server Admin Tools 10.7. Once you have them installed, you can specify the OpenDirectory password requirements for users
User Passwords in OpenDirectory
On the server, open Server Admin app.
Connect to you server, then click on the OpenDirectory service.
Click on the Settings icon.
Click on the Policies tab.
Click on the Passwords sub-tab, and you can set all the criteria for password requirements here.
Resetting Passwords
Users must log in as network users on the client computer.
Once logged in, to change the password, open System Preferences.
Click on Users & Groups.
The user icon will be a silhouette with stars in the background. This means it is a network user. Click on the Password tab at the top.
Click the Change Password ... button to change the password.
Calendars in iCal are much like RSS feeds: users need to subscribe to them, like we discussed in our other posting. Network users will automatically be given a network iCal calendar, and will be automatically subscribed to it. However, if you want to automatically add subscribed calendars to network user's accounts, you will need to use ProfileManager.
On the server, open Server app.
Click on the Profile Manager menu item.
Make sure that iCal service is running (green indicator next to it). Click on the "Include configuration for services: ...". Make sure the iCal icon is listed there.
Click the "Sign configuration profiles" checkbox.
Turn Profile Manager on.
Once Profile Manager has loaded (the gear at the bottom right will no longer be spinning), go ahead and click the Open Profile Manager link.
Log into Profile Manager as your directory admin user.
Click on the Groups menu item to give all users of a specific group access to the wiki calendar. This is best if you have a wiki for a group and want to share that calendar. Use the Everyone group to add this calendar for all users.
Click on Users to give access to only specific users.
Edit the profile for the group(s) or user(s) you selected by highlighting that group and clicking the edit button.
Scroll down and select the CalDav item on the left.
Click configure. Here you will need to enter the specific details for that callendar based on the subscription details you get when subscribing to the calendar via the wiki.
After all that you still need to configure each client computer to be set up for profile management, which really is a topic of its own. I recommend the following tutorials:
Installing OS X Lion Server
OS X Lion Server Administration Tool Tour
Setting Up Profile Manager on OS X Lion Server
Using Profile Manager on OS X Lion Server
Hope this helps, good luck!
~Mike -
Using Jackrabbit User Manager programmatically for changing passwords and getting user data.
I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json. The problem I am having is that this request requires an oldPwd form param in the request. The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login. We need to change that user's password in CRX so they can log in using it next time. Since they haven't logged in there is no session, NOT the problem. THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request. Please let me know if you require any further explanation. Any assistance would be greatly appreciated. Thank you, in advance, for your assistance.
Sincerely,
Mike Sucena
[email protected]Hi Mike,
msucena wrote:
Justin:
Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
Build the bundle from source.
Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
Write a different servlet which performs the same actions.
Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
Correct. It was added after the 2.1.0 release.
If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
-Mike
The plain text password is not stored. And this should be considered a good thing.
If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it. -
Users getting forced to change password at least twice when expired
Has anyone else experienced this?? A user expired yesterday, was prompted to change password and went into application. Tried to go in today and was prompted again to change password. The pwdchangetime is set to yesterday and the modifier is the user so pwdMustChange, (which is set to true), should not kick in.
Using OID version 9.0.4.1
thanksI've since found out that this is how Oracle has coded an expiration. If you change your password with a grace login, the modifiers stamp isn't your own. So you must change you password again if you have force change password set in your password policy.
-
BitLocker Activated - Not request for password
Hi friends!
Today I activated the BitLocker on my operating system (C:\), without the use of TPM.
But, in the startup the operating system is not prompted for the password for decrypt, why?
How can I do to request the password to decrypt the BitLocker drive every time I boot the operating system?
I use the Windows 8.1.
Thank youHi,
Generally speaking, this events only occures when BitLocker encryption failed. Therefore, please check your C drive encryption status firstly.
If C drive encrypted, how about reboot your PC? Will the problem occures? Please feel free let us know.
Roger Lu
TechNet Community Support -
R/3 Users of Type system Change Passwords
Hi,
I have the following scenario, I have users from R/3 that can access portals, but i don't want them to access from dialog in R/3. I created them of type user "B" as "system users".
How can i change the passwords of them in portals, like a service for "changing passwords" or "forgot passwords"?
Should i created them as other type? But the others types can access dialog?
regards,
Cesar FelceHi GLM,
I don't want to disable the passwords, i just want them to be able to change their passwords from the portal.
Let me explain my scenario again, I have many students that have a R/3 user account, but they only use sap from a WD4A applications so thay can update personal data and so on. The thing is thay they are users in R/3 of type system, because i don't want them to be able to enter form SAPGUI, but they can't change their passwords.
Student -> enter portals -> change password.
Student -> enter SAPGUI -> can't access.
We have the single sign on.
thanks for the help,
Cesar Felce -
RMAN settings in OEM not accepting changed password
Database 10.2.0.3.0, 32 and 64 bit versions.
OSes: Windows 2003 R2 Standard Edition
The previous DBA had the same password for the sys, system, and rman accounts. The RMAN backups are scheduled through the OEM's Backup/Recovery Schedule Backup. I finally changed the passwords so that sys, system, and rman are now different. I changed the rman password to be the same as in the Oracle rman account in the Windows local user accounts and made sure that the rman account is in the ora_dba account and that batch jobs are permitted. Note that these scheduled jobs were working just fine so I suspect the windows accounts are correctly configured. The rman account I'm using is the rman account used in a repository. This is the only Oracle rman account among all the databases that I backup.
I attempted to schedule a job to run immediately using the new password in the Host Credentials and I check the box for 'Save as Preferred Credential' but at the end of the run I get the error: RMAN-04004: error from recovery catalog database: ORA-01017: invalid username/password; logon denied
I'm logged into the OEM with the same exact system account log in as I would use from the rman command line target connection.
The Recovery Catalog Settings will not accept this new password. Instead I get the error message:
java.sql.SQLException: ORA-01017: invalid username/password; logon denied
After so many attempts the error message will say the account is locked and it is locked in the repository so it appears to be attempting validation against the correct location.
I prefer using the OEM over the Windows Task Scheduler - any ideas on what to do?
Edited by: pointreyes on Feb 4, 2010 8:30 AM - Discovered that a scheduled job ran immediately will fail to work as well.
Edited by: pointreyes on Feb 4, 2010 8:39 AM - note that I did not change all the passwords at the same time. The sys and system passwords were changed last week and the backups continued to work. Only after the RMAN password was changed did the backups fail.EdStevens wrote:
pointreyes wrote:
Database 10.2.0.3.0, 32 and 64 bit versions.
OSes: Windows 2003 R2 Standard Edition
<snip>
I prefer using the OEM over the Windows Task Scheduler - any ideas on what to do?
Edited by: pointreyes on Feb 4, 2010 8:30 AM - Discovered that a scheduled job ran immediately will fail to work as well.
Edited by: pointreyes on Feb 4, 2010 8:39 AM - note that I did not change all the passwords at the same time. The sys and system passwords were changed last week and the backups continued to work. Only after the RMAN password was changed did the backups fail.This is exactly why I don't schedule my rman backups in OEM. I never was able to figure out what was going on under the covers, but if I have to recreate something every time I change the password, then I'm looking for a different approach. Since I work in Unix, create shell scripts to execute my rman backups, and schedule them with cron. If on windows, I'd take the same approach .. the one you prefer not to use. OEM is a great tool, but it's not the perfect solution for every problem.Actually this is not really an OEM problem. I discovered this when I changed the rman catalog schema owner password and then attempted to backup the system through a remote job on another server. I am surprised if you changed your rman catalog schema owner that you have not ran into this yourself. Unless you are doing backups from a centralzied server that the rman catalog resides on.
You come across all kinds of interesting things no matter which tool us use. For example we are to log onto the system using our personal accounts and then sudo to Oracle....guess what happened when the Oracle users password expired...
Now that was a fun day....other DBA..."Backups are not working.."....Me..."Yes they are just fine when I execute them.".....other DBA.."Well cron jobs do not work."....Me..."Anyone log in recently with Oracle user??"
Problem was that the Oracle user password had expired and was needing to be changed.....cronjobs don't like it when that happens. -
Clicking on user does not bring up password prompt in Fast Switch
I have two users on my mac mini running OS X 10.7.4, both are administrators. When I click on my username in the upper right hand corner of the screen and select the second user, I can type in the password and "rotate" on over to the other user. However, from the second user account when I try and go back to the first user via the same process, no prompt appears when clicking on the user name from the drop down in the top right of the screen. Any solution?
Please read this whole message before doing anything.
This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
The purpose of this exercise is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login. Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards. Boot in safe mode* and log in to the account with the problem. The instructions provided by Apple are as follows:
Be sure your Mac is shut down.
Press the power button.
Immediately after you hear the startup tone, hold the Shift key. The Shift key should be held as soon as possible after the startup tone, but not before the tone.
Release the Shift key when you see the gray Apple icon and the progress indicator (looks like a spinning gear).
*Note: If FileVault is enabled under Mac OS X 10.7 or later, or if a firmware password is set, you can’t boot in safe mode.
Safe mode is much slower to boot and run than normal, and some things won’t work at all, including wireless networking on certain Macs.
The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.
Test while in safe mode. Same problem(s)?
After testing, reboot as usual (i.e., not in safe mode) and verify that you still have the problem. Post the results of the test. -
User accounts locked when changing password
I have tried searching an answer to this for a while but have not found an answer yet. So have decided to see if anyone can shed some light on it.
Basic issue is that a user changes their password on their client machine which then locks their Open Directory account so can not login.
Users authenticate against the Open Directory hosted on a 10.5.8 server. Clients are 10.6.8. No I can not update servers to 10.6 as I only have one licensed copy of it. I syncronise RAID data between the two using PresStore. File sizes are not seen as being the same between OSs so complete backup made each time, not just the changes. Not ready for Lion or Mountain Lion server as I am within a very restrictive environment behind proxy servers, still testing and ironing out issues.
Clients are mobile users and the whole user area is synced on Login, Log out and every three hours when logged in. Fundamentally Mobile accounts work great, except when it comes to changing the password. When doing this the logout sync does not connect and then during the next login the account is locked. Even when unlocking the account it says the account is locked, appearing like a conflict between the local machine and open directory. Home folder is still on client machine.
The only way to remedy this is to delete the user plist through ARD and terminal command run as root
rm /var/db//dslocal/nodes/Default/users/usershortname.plist
Once this is done the user can then log in and it does a full sync.
DNS resolves fine, browsing and connecting to AFP shares is fine (although will not connect to the home directory on logout sync after the password change when shutting down. User can before this point stay connected to the shared volumes, save and work from them but can not automitically connect to the home folder share)
Just don't quite not know where to go now...Please refer below link on same topic, i hope you will get your answer.
http://cn.forums.oracle.com/forums/thread.jspa?threadID=2172418&tstart=0&start=15 -
M.B.P not requesting my password when starts up.
For some reason everytime I turn my computer on it gives full access to all of my imformation, it doesn't ask for the password
I try changing it in system preferences/ accounts/ Login Options.. but nothing still doesn't work any ideas on how to fix this.
I just don't wanna anyone having access to my computer.This has just happend on my Macbook air - and its driving me crazy - is this a scam? no "forgotton password" button, no "click here for help" I have never signed up for facetime and its ******* me off! Please help anyone!!!
-
I have installed lion, but my mail will not request a password,
as i wish my email to be private, on snow leopard it always asked me for a password but on lion it does not, i have done the usual and gone into prefrences and tried to cancel my password in there so when i then open mail its asks for a password, but it keeps just putting the password back in, any ideas
thanks
grahamCheck out /Applications/Utilities/Keychain Access.app and try deleting the info for the accounts in question
-
How to restrict changing password for user ?
Hi All experts ,
We have created users . Users should not change their password without permission of Administrator . How to restrict them by setting Permissions / Authorizations ?
Thanks.
KISHORE SATPUTEHi,
In "USER MAINTENANCE- SU01" --> in the "logon tab" there are 5 different "user type"
1. dialog
2. system
3. communication
4. service
5. reference
Kindly mention the function and role of all the above mentioned user types specifically and hows is one user type different from another.
These are as follows:-
1. Dialogue:-
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are checked.
Multi GUI logins are checked.
Usage:- These are used for GUI logins.
2. System
For this kind of users:-
GUI login is not possible.
Initial password and expiration of passowrd are not checked.
Usage:- These are used for internal use in system like background jobs.
3. Communication
For this kind of users:-
GUI login is not possible.
Users are allowed to change password through some software in middle tier.
Usage:- These are used for login to system through external systems like web application
4. Service
For this kind of users:-
GUI login is possible.
Initial password and expiration of passowrd are not checked.
Multiple logins are allowed.
Users are not allowed to change the password. Only admin can change the password
Usage:- These are used for anonymous users. This type of users should be given minimum authorization.
5. Reference
For this kind of users:-
GUI login is not ible.
Initial password and expiration of passowrd are not checked.
Usage:- These are special kind of users which are used to give authorization to other users.
Rewads point if helpful
Thanks
Pankaj Kumar -
Windows 7 Expired Password - Recvd Warning prompts but not forced to change password
Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk
reset thier password.
Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.
I have the GPO configured to notifiy users when thier passwords will expire in 14 days
Thank you,
GlenHi,
After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows
7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.
1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic
Windows 7 client.
2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:
a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after
collecting data. You may need to create the Diagnostics key if it is not there.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics
Type: DWORD
Value: GPSvcDebugLevel
Data: 0x30002 (hexadecimal)
b) Then on the problematic Win7 machine, run command “gpupdate /force”.
c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.
d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy
-> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.
e) After that, please send me the above output files. (please zip them first and then send them to me).
- %windir%\debug\usermode\gpsvc.log
- gpr_win7.txt
- win7.evtx
Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC
result and the zip files, and then give us the download address.
Thanks,
Novak
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ” -
Change password on the first use - does not work
Change password on the first use - does not work.
Created a user and specified 'Change password on the first use' - when user logs in - the 'Change password' window does not pop- up.
Please advise.(APEX 4.0.2) I am running into this same issue - if you don't set the password expiration and locking to 'Yes', the user gets into the app without being asked to change the pw.
When you do set expiration and locking - after the user logs on with their temporary password, it does take them to the change password page (4155:50) but the username is blank. Because the username didn't get to the page the old password will never match and you get the "Invalid password" message.
What am I missing? Anyone successful doing this?
Simple application, default authentication, no javascript, HTTP_SERVER, no ssl.
Thanks,
Steve
Maybe you are looking for
-
Mid 2010 macbook pro with 10.8. It crashes every now and then
Ive copied the crash report below I've beent to the Genius bar and they have asked me to reinstall the OS which i have done but still having the issue. Anyone else having similar issues or anyone out there who knows how to fix it? Thanks! Interval Si
-
Problems burning playlists?
Oh, boy...what doo-doo. When I want to burn a playlist, it burns some or most (depending on how it "feels") and then spits out the disk as unfinished (having 2 unfinished DVD DL discs and one single layer DVD disc as proof). Between this and the loss
-
Where do you find the ringtone tab on your personal itunes so that you can sync new ringtones to your iphone? I am trying to get ringtones from my ringtone app onto my phone and the directions said to click Ringtones on the top of iTunes. I am having
-
Have used the 'mimetype code to output to excel in the browser using pl/sql in the before parameter trigger, this trigger is still supposed to fire but when no parameter form used the output defaults to html and not the required Excel Does anyone kno
-
How can i download ios 6 to an iphone 4s if i dont have the phone with me?
how can i download ios 6 to an iphone 4s if i dont have the phone with me?