NDS 4.16 Auth Solaris 8, password aging support or not?

I have set up a Netscape Directory Server from version 4.13 to 4.16 for auth Solaris 8. I find the password policy do not affect to the Solaris users. Also, the group of the LDAP show in the number.
-rw-r--r-- 1 test2 11 0 Nov 21 16:26 test2
The number 11 should be the group name refer to LDAP but the user test2 is a LDAP's user and group policy is working.
Please help!!
Lucas

The Solaris 8 authentication through LDAP does not support the Password Policy yet.
Ludovic.

Similar Messages

  • SCCM 2012 Password Age and if not set to Expire

    Hi,
    I browsed the Resource Explorer in SCCM 2012, and found that it shows the Age a person last changed their passwords.
    Can anyone assist me on how to get that data out of SCCM 2012?
    Kind Regards

    If you are talking about reports, First you need to configure sccm to collect that attribute from AD in the
    ad user discovery properties on Active directory Attributes tab. After the successful collection of those attributes you can query against "v_R_User" view and extract the information.
    Adding the attribute Pwd-Last-Set and msds-UserPasswordExpiryTime0 to user inventory would be of some help.
    Delphin

  • Enhanced login security and password ageing in SAP R3 Enterprise 110

    Hi,
    today we will activate "Enhanced login security and password ageing" on our R3 (SAP R3 Enterprise 110) development environment.
    new parameters
    Enhanced login security and password ageing
    login/min_password_lng = 8
    login/password_expiration_time = 365
    login/min_password_diff = 2
    login/min_password_letters =  1
    login/min_password_digits = 1
    anyone any expirience on possible problems which can occur after activating these new settings.
    Many thanks in advance
    Patrick Van Vlerken

    No... this should do what it sais in the tin.
    Read,
    http://www.*********************/password_sap.htm
    Regards
    Juan

  • IDS 5.0 SP2 + Solaris 8 password problem

    Iplanet version : iDS 5.0 SP2 + Solaris 8
    Password:
    user must change password after reset : yes
    user may change password : yes
    allow changes in 0 days
    keep password history : yes
    remeber 6 password
    Password expires after 90 days
    send warning 7 days before password expires
    check password syntax : yes
    password min length : 6
    Account lockout:
    Account maybe lockout : yes
    Lockout account after 3 login failures
    reset failure count after 525600 minutes
    Lockout forever : yes
    We discovered that when the user password is expired due to the field 'passwordexpirationtime' is past, there are two types of password expiration within iplanet ldap. One type of expiration will allow user to change the password by themselves, however, the other type did not
    We discovered that when we put a 'Z' on the field passwordexpirationtime, it will show the first type of password expiration that user can change their password. When we remove the 'Z' from the field passwordexpirationtime. it will not allow the user to change the password by themselves, we provide a screen dump at the end.
    Moreover, the problem may be triggered by other event instead of adding a 'Z' on the passwordexpirationtime field
    Here is the screen dump for you to investigate, you can see that the output with 'DSA is unwilling to perform' is the type where user can change their password, while the output with 'Invalid credentials' is the type where user CANNOT change their password.
    Case 1
    ======
    %ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtimeuid=john,o=jpmorgan,c=us
    passwordexpirationtime=19900101000000Z
    %ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
    ldap_init(localhost, 3389)
    filter pattern: uid=john
    returning: ALL
    filter is: (uid=john)
    ldap_search: DSA is unwilling to perform
    0 matches
    Case 2
    ======
    %ldapsearch -p 3389 -b o=orange,c=us uid=john passwordexpirationtimeuid=john,o=jpmorgan,c=us
    passwordexpirationtime=19900101000000
    %ldapsearch -v -p 3389 -D uid=john,o=orange,c=us -w abc123 -b o=jpmorgan,c=us uid=john
    ldap_init(localhost, 3389)
    ldap_simple_bind: Invalid credentials
    ldap_simple_bind: additional info: password expired!
    I know there's nothing to do with 'zuru' suffix, ldap schema supports both of attribute
    values format. But this happen in my LDAP. Any hints?
    Question:
    - Under what condition the LDAP will complain "DSA is unwilling to perform" or
    "Invalid credentials"
    - Any hints to resolve the problem

    If something had changed recently, drill into that.
    Do a hardware RAM test to confirm HW level soundness.
    You may capture the core dump or similar information and send it to Microsoft for analysis.
    They may ask you to do the usual thing: apply W2KSP4 and/or OS and security patches.
    You also have the option of migrating IDS5.0/Windows to IDS5.2Patch3 (also as Sun Java System DirSvr 5.2) running on Solaris10 x86.
    Gary

  • Password aging on individual accounts

    Hi,
    I have password aging enabled on this server. The MAXWEEKS is set to 13. After an audit, the MAXWEEKS has to be set to 12. If I do that, will all users currently at 91 days go to 84, or do I have to alter each one individually as well? Like if I change the /etc/default/passwd, will that only take effect for new users (which I suspect is the case)? How can I set each current userid from 91 days to 84? Also there are some IDs with no password again enabled. How can I enable it for a single userid?
    Thank you,
    S.

    Changes to /etc/default/passwd file do not update existing fields in the /etc/shadow file.
    The passwd command has some options that allow you to set these values. The following will change a user's max to 91:
    # passwd -x 91 <login>
    Now all you need is a script to loop through each user account and make the change. For ksh it would lool like this:
    for username in `awk -F: 'print{ $1}' /etc/shadow`
    do
       passwd -x 91 $username
    doneYou probably ought to test this first, though, and make sure you'll get the results you need.

  • Password aging with ACS + UCP in a wireless network.

    Hello
    We want to use ACS in our wireless network, but we would like to allow users to change their own passwords, so we want to use UCP.
    Additionally, we want to force them to change their passwords after a period of time or number of logins.
    Is it possible to use password aging based on time or number of connections when users connect through UCP web interface?
    Also, does using UCP requiere some kind of additional license/payment?
    Thanks.

    Juilo,
    No the UCP sample scripts have to run on a seperate ACS server and you have to enable the ucp intefaces through the cli to accept the UCP requests from the other server.
    Here is a link that will help you.
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.4/user/guide/admin_config.html#wp1105672
    Tarik Admani
    *Please rate helpful posts*

  • Password Aging & Account Lockout in ACS 4.2

    I have a requirement that in ACS the  user accounts should get disabled after 1 day , so in the group setting under the Password Aging Field I configured the same as 1 day , the Grace & Warning Period is 0 days
    I want that all these user accounts would be active for 30 days , and the moment the account is used (i.e the Start Message appears in the Radius Accounting ) then after 1 day  from the usage then as per the Password Aging Rule the account should get expired.
    Now my query is this password aging rule will start from the day I create the account in the ACS or from the day the user logs in.
    I don’t want to use the Account Lockout Tab as I don’t know when the guest account would be used.
    Request someone to help pls clarify my doubt.
    Regards

    Hi Yusuf,
    Password Aging on ACS will just prompt to change the password. it will not disable the account.
    The Account is present on the AD. So the Disabling and lockout features for an account will come from the AD.
    I don't think a change in password for a guest account is what you would want to do.
    Also according to me disabling the account should be a feature only for the AD admin and not open. A lockout can definately happen but that also has to be defined on the AD.
    The link to password Aging on ACS is as follows:
    http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/GrpMgt.html#wp525115
    Hope this helps.
    Regards,
    Anisha
    P.S.: please mark this string as answered if you feel the query is answered.

  • LDAP Password Aging and JNDI

    Does any one know how to read the Password Aging info from SunOne Directory server using JNDI? I need the password expiration details to be very specific.

    Never used JNDI before but you can read from standard command line as follows ....
    /usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" createtimestamp
    /usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" passwordexpirationtime
    /usr/bin/ldapsearch -h ldaphost -D "cn=Directory Manager" -w shroot -b "cn=proxyagent,ou=profile,dc=marconi,dc=dddd,dc=eeee,dc=com" "objectclass=*" pwdchangedtime

  • How to recover sun solaris 10 password

    i have install virtual machine some day back and set password for user name root. today when i try to login on that machine i forget the password.what should i do in order to recover the password for root.

    Use Google:
    keywords "+solaris root password+"
    See more than 4000 search results.
    Alternative?
    Start all over again and reinstall the OS from the beginning.

  • Solaris root password & installer

    I have installed oracle solaris 11 exp, but :
    I have difficulties finding root password, have tried solaris & my user password but it's not going,
    during the installation I have used solaris passwrd for the partition manager and it worked, but no later,
    I also would like to ERASE ALL PASSWORDS of the system, ... give password, give password, give password, it gives you a headache,
    and by the way, do I have to buy an application installer or I have with the package?
    thank in advance,
    max.

    root is a role by default in Solaris 11, so i don't think it actually have a password, or am i wrong here? You can set a password by running pfexec passwd rood from the user who you created as an administrative user..
    .7/M.

  • Display a banner at bootup, how to setup password aging.

    I trying to implement some DOD security measures and I just can't find how to make the changes. Anyone have any suggestion for the following issues.
    warning banner at bootup, password aging every 90 days,

    I trying to implement some DOD security measures and
    I just can't find how to make the changes. Anyone
    have any suggestion for the following issues.
    warning banner at bootup, password aging every 90
    days
    You could set up your courses so that everything needed authentication, which would prevent the public from browsing them. As far as a warning banner and password aging goes, could the warning banner appear on your authentication page? Or perhaps just on the iTunesU banner after they log in?
    Password aging would be handled by whatever authentication you'd using to access iTunesU. While you can (eventually) setup roles in iTunesU to augment authentication, it's assumed that you'll extend your campus authentication scheme to control access to the iTunesU site.
    Ken Newquist
    Lafayette College

  • Password aging for externally authenticated user

    Hello All:
    How can we implement the password aging of externally authenticated user.
    Thanks
    San~

    If the user is externally authenticated, then the password expiry should be external. E.g for the unix account.
    "When you choose external authentication for a user, the user account is maintained by Oracle, but password administration and user authentication is performed by an external service. This external service can be the operating system or a network service, such as Oracle Net.
    With external authentication, your database relies on the underlying operating system or network authentication service to restrict access to database accounts. A database password is not used for this type of login. If your operating system or network service permits, you can have it authenticate users. If you do so, set the initialization parameter OS_AUTHENT_PREFIX, and use this prefix in Oracle user names. The OS_AUTHENT_PREFIX parameter defines a prefix that Oracle adds to the beginning of every user's operating system account name. Oracle compares the prefixed user name with the Oracle user names in the database when a user attempts to connect."

  • ACS V 4.1.1 build 23 Password Aging over SSH does not work.

    Hi, my name is Elias and I have problems with ACS Password Aging over SSH does not work and there is no password aging meseges sent by ACS to de console when I use SSH. I know that there is problems with this but I can't find any workaround or documentation that says that there is no workaroun. Can you help me with this??
    King Regards.

    Hey Elias,
    SSHv1 does not support password changes as you can do in telnet. You will need to be
    running a version of IOS that supports SSHv2.
    The following site explains what versions support this:
    http://www.cisco.com/en/US/partner/products/sw/iosswrel/ps5207/products_feat
    ure_guide09186a00802045dc.html
    Rgds,
    somishra

  • Logging HTTP Auth Login and Password

    Hi,
    I'm making a small Webserver where everything is protected behind an Authentification. I would like to log every good and bad tries, to know who's trying to access my Webserver and with which credentials. I'm actually using lighttpd, but I found nothing.
    I heard about libapache2-mod-auth-mysql, but I read it's not available on Arch Linux natively and I'm not even sure it's doing what I want.
    Any other idea?
    Thanks a lot!
    Last edited by jpmonette (2011-01-12 19:43:02)

    Hello,
    It seems your aren't in the user list of SSRS.
    Are you the admin of the system? If so then in start menu right-mouse click on Internet Explorer => "Run as Administrator" and then open the url again, you should be able to connect to SSRS. Then goto "Site settings" (right side on top) => tab "Security"
    and add there your Windows account  with role membership "System administrator". Then you should be able to open IE as "normal" user to connect to SSRS.
    Olaf Helper
    * cogito ergo sum * errare humanum est * quote erat demonstrandum *
    Wenn ich denke, ist das ein Fehler und das beweise ich täglich
    Blog
    Xing

  • Exchange 2013 OWA user must change password at next logon not working

    Hi,
    I have installed Exchange 2013 on Windows 2012 Server. I create users in ECP and select "user must change password at next logon" option. When newly created user logs in, the OWA page doesn't prompt for password change and just throws error "The
    user name or password you entered isn't correct. Try entering it again"
    I have enabled Change Password feature in CAS server, but still not working.
    Any answers, suggestions would be great help
    Regards
    Sunil

    Hi Sunil,
    Have you tried as Martina said and does it work?
    If not, please try to set the Minimum Password Age to 1 according to link below. I found some threads which are similar to yours and were solved by this way in Exchange 2013 environment.
    http://support.microsoft.com/kb/827614
    And for further troubleshooting, please create a new user with "user must change password at next logon" option checked and see if he can log on domain-joined PC.
    In addition, please check the event log to see if there is any related error message.
    Regards,
    Rebecca

Maybe you are looking for