Requests to change password

Similar Messages

• MSChapV2 change-password packet request

  Hi!
  I am working around a CISCO ACS server to authorize users access in a  web application. All is done and working but i would like now to support  the password expiry procedure trought the MSChapV2 protocol.
  I edit a user on the server with the password expiration and when i  connect with his credentials i receive the correct message from server:  a AccessReject packet with in MS CHAP ERROR the string with the code 648  (Password expiry).
  I studied the RF2759 and it said that the change-password packet (id =7)  should now be sent to change the old password with a new one.
  I am using jradius to communicate with the server but nothing i found on  internet about it and the use of the change-password packet (examples or  something other).
  Actually i found some sources (es.
  http://www.opensource.apple.com/source/eap8021x/eap8021x-100/EAP8021X.fproj/mschap.c
  )  and i am tring to implement them converting the logic from C to java but  it is going to be a very hard work.
  Does somebody know something (examples, sources, libraries) about the  change-password packet sending?
  Thanks, bye
  Emanuel

  Hi Tarik
  Cant seem to get my screenshot to display
  Anyway i see it from my ACS Monitoring and
  Reports -
  AAA Protocol > AAA Diagnostics
  Severity:
  DEBUG
  ACS Session ID:
  lon-inf-lacs01/142119818/778063
  Date:
  December 31, 2012
  Generated on December 31, 2012 11:27:46 AM GMT
  Dec 31,12 6:23:17.850 AM
  Dec 31,12 6:23:17.823 AM
  lon-inf-lacs01/142119818/778063
  WARN
  TACACS+ authentication request switches from Login to Change Password functionality.
  CSCOacs_TACACS_Diagnostics
  13041
  Thanks for getting back to me
  Steve

• I use Hotmail on my iPad. Yesterday I changed my password on the account using my home PC. Now the ipad requests the new password but when I enter it I get Password Incorrct and it asks to enter it again.

  I use Hotmail on my iPad. Yesterday I changed my password on the account using my home PC. Now the ipad requests the new password but when I enter it I get Password Incorrct and it asks to enter it again. The sticky part is that no matter what app I bring up including settings, the password request pop up appears and the app cant' be used

  I was going to say either that or to remove the email from your email account settings(on ipad) and put it back on. Happens everytime im forced to change my work email password. I need to delete the account and add it again for it to accept the new password.

• My daughter continues to request to change the password so she can access the app. store and download stuff with out my permission. How can I block the app. store from her ipod or change it so she has no access to it?

  My daughter continues to request a new password when I change it so she can access the App. store and download stuff with out my permission? What can I do to block the app. store on her itouch or stop her from being allowed to change the password?

  Hide the App store via Restrictions. See:
  iOS: Understanding Restrictions

• Communication user is not requested change password

  Hi
  We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  How can this be? Shouldn't communication users be forced to change the password?
  In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  Thank you for your help.
  Regards, Morten

  >
  Morten Ellgaard wrote:
  > Hi
  >
  > We have set a general rule, that users must change password every 90 days (login/password_expiration_time). We have now had a communication user in the system for more than 5 months, and the password is still not expired.
  >
  > How can this be? Shouldn't communication users be forced to change the password?
  >
  > In table USR02 I can see a field XUPWDSTATE - "Password Change Mandatory / Optional (See Domain XUPWDSTATE)", but I can't find any documentation on this field. The values are 0,1,254,255. Does anybody know what these values mean and how/when they are set.
  >
  > Thank you for your help.
  >
  > Regards, Morten
  Well, that's a common misunderstanding:
  accounts of type "COMMUNICATION user" are subject of password expiration - however the password change requirement is not enforced (since the server cannot interact with the user). Actually that's not mainly caused by the user type but by the communication protocol being used: RFC and HTTP allow both, interactive and non-interactive system usage. Only the DIAG protocol (used by SAPGUI) ensures that an interaction with the user is possible - and in this case the system is enforcing a password change (when required).
  Note 622464 provides an overview on the user types and the ability / requirement to change passwords (and other impacts).
  Side-remark: modifying the USR02 field would not have any impact on the password change handling (beside the fact that such direct table manipulations are risky and strongly discouraged).
  As reported by other SDN community members (and stated in note 320991, quite at the end) there are some profile parameters that will cause RFC and HTTP based logon to fail for passwords which are expired / initial. Setting those profile parameters will result in a downwards-incompatible system behavior - for this reason the default setting is "off".
  Indeed, if you intend to use "technical accounts" for (automated) system-to-system communication, then kindly use the user type "SYSTEM". In that case, the password is neither "expired" nor "initial" - no password change is required nor can it be performed by the SYSTEM user itself. Only an user administrator can set a new password (in systems as of NWAS 7.0: even a downwards-compatible one - despite the password policy, see notes referenced by note 622464).

• Can't Log-in or change password..​.help

  So, I have seen this a few times on these forums, but I can not figure it out.  I have the can't login or change password or email do not match problem, basically I can not do anything.  Any help would be appreciated.

  Hello cadshot,
  I was able to locate your account using the e-mail address you used to register for the forum and have submitted a password reset request on your behalf. You should receive an automatically-generated message with a password reset link in the next 10-15 minutes, so make sure to keep an eye on both your inbox and junk mail folders. The link will only be valid for a short period of time, so let me know via private message if you're unable to access that e-mail right away.
  To send me a PM, simply sign into the forum and then click on either the link in my signature or the letter icon in the upper right-hand corner of the page.
  Regards,
  John|Social Media Specialist | Best Buy® Corporate
   Private Message

• Using Jackrabbit User Manager programmatically for changing passwords and getting user data.

  I am trying to do a change password request using the Jackrabbit User Manager with the REST URL /system/userManager/user/<username>.changePassword.json.  The problem I am having is that this request requires an oldPwd form param in the request.  The issue is that when I am trying to do this request it is in response to the user selecting "Forgot Password" so our logic has created a random password which we then email to the user so they can use that the next time they want to login.  We need to change that user's password in CRX so they can log in using it next time.  Since they haven't logged in there is no session, NOT the problem.  THE PROBLEMS, I don't know 1. how to use the userManager to get that user's old password, since /system/userManager/user/<username>.json doesn't appear to return the password and 2. if I could get the old password it most certainly will be encoded, some how, so I will need some decoding algorithm to pass it through in order to get the actual password to set as the oldPwd form param to my change password request.  Please let me know if you require any further explanation.  Any assistance would be greatly appreciated.  Thank you, in advance, for your assistance.
  Sincerely,
  Mike Sucena
  [email protected]

  Hi Mike,
  msucena wrote:
  Justin:
  Does your response mean that until version 2.1.2 of Jackrabbit User Manager is released I cannot change the password without knowing the old password?
  No. It means that this feature is not available in version 2.1.0 of the Sling Jackrabbit User Manager bundle. It was added after that release. You have a number of options:
  Build the bundle from source.
  Use one of the SNAPSHOT bundles available from the Apache Snapshots repository.
  Use the release which is being voted upon now (https://repository.apache.org/content/repositories/orgapachesling-175/org/apache/sling/org .apache.sling.jcr.jackrabbit.usermanager/2.2.0/). (Note - we decided to use 2.2.0 as the version number rather than 2.1.2 as originally planned due to the scope of this release).
  Write a different servlet which performs the same actions.
  Meaning that being able to use either the credentials of the "Admin" user or using the credentials of a member of the "UserAdmin" group is not supported in the current released version 2.1.0?
  Correct. It was added after the 2.1.0 release.
    If I currently need the old password is there any Sling REST - Jackrabbit API call I can use in order to get the old password since using /system/userManager/user/<username>.json doesn't appear to return the password?
  -Mike
  The plain text password is not stored. And this should be considered a good thing.
  If you have questions about the development process we follow in Sling (or at Apache as a whole), by all means ask on the Sling users mailing list. It is reasonably well-established and we love to talk about it.

• TMG 2010 publishing Exchange 2010 OWA cannot change password if user must change password at first logon is set

  Hi,
   I have an odd issue whereby if I set "user must change password" on an AD account, the end user cannot logon, they're simply taken back to the OWA login page as if their password is incorrect.
  My setup is as follows:
  outer TMG -- uses a listener for email.contoso.com and is configured for no authentication.This uses a publishing rule to publish the inner TMG server. This server is not a domain member.
  inner TMG - uses a listener for email.contoso.com and is configured for NLTM\kerberos negotiation with forms authentication (Windows Active Directory). This server is a domain member and use a publishing rule to publish the internal CAS. Allow users to change
  password is selected in the publishing rules.
  Exchange 2010 SP1 - uses integrated windows and basic authentication. Has the appropriate registry key configured to allow users to change their AD password on first logon.
  I've registered an snp for "http/email.contoso.com mailserver-dc1", all SSL certificates being used are valid and my configuration used to allow users to login and change their password with "user must change password on first login"
  set in AD.
  If I launch a web browser on an internal server and point it to email.contoso.com I'm immediately presented with a generic Windows authentication request (similar to what's seen in ADFS) rather than the standard OWA page. No matter what I do, I cannot login
  and change my password using the correct URL. However if I point my browser at
  http://192.168.4.10/owa I'm prompted to login and I can change my password using the sam credentials.
  The only recent changes made are:
  - Disabling SSL 3.0 and enabling TLS  (http://www.isaserver.org/articles-tutorials/configuration-security/improving-ssl-security-forefront-threat-management-gateway-tmg-2010-published-web-sites.html)
  - Replacing the TMG listener certificates so that they now use SHA2 rather than SHA2 (certificates are trusted on each TMG server)
  Looking on the outer TMG and the DC logs I can see schannel errors which I believe are related to the problem. TMG monitoring also shows "Failed connection attempt: 1907 The user'spassword must be changed before logging on for the first time"
  I've checked that my inner TMG and DC are using the same certificate for server authentication and gone through this guide:
  http://blogs.technet.com/b/keithab/archive/2012/02/29/setting-up-and-troubleshooting-ldaps-authentication-in-forefront-tmg-2010.aspx
  If I try to use ldp.exe on the inner TMG, I get the error in the pic below
  Thanks
  IT Support/Everything

  Hi,
  You could try to analyze the TMG tracing and try the troubleshoot steps in the blog below.
  TMG 2010 – FBA, troubleshooting the change password feature 
  http://blogs.technet.com/b/isablog/archive/2012/05/07/tmg-2010-fba-troubleshooting-the-change-password-feature.aspx
  Best Regards,
  Joyce

• Disable "Change Password" option in Comms Express

  I need to disable/remove the Change Password option in Communications Express. I'm using patch level 122793-30. How do I do this? Are there any instructions out there for this? I see them for Convergence....which I have installed also but I have users who still use Comms Express.
  Thanks in advance!

  Found it myself.
  Edit /var/opt/sun/comms/ce/uwc/common/UserPreferencesSettings.jsp and change:
  <div class="Tab3"><a href="<%= getContextURI(request) %>/base/UserPreferencesPassword" class="TabLblNormal" title="<ja
  to:getModelFieldValue escape="false" modelClass="com.sun.uwc.common.model.UWCResourceBundleModel" modelName="i18nModel" lookInSessio
  n="true" name="uwc-common-options-tooltip-ChangePassword" defaultValue="Change Password"/>"><jato:getModelFieldValue escape="false"
  modelClass="com.sun.uwc.common.model.UWCResourceBundleModel" modelName="i18nModel" lookInSession="true" name="uwc-common-options-Cha
  ngePassword" defaultValue="Change Password"/></a></div>to:
  <div class="Tab3"><!--<a href="<%= getContextURI(request) %>/base/UserPreferencesPassword" class="TabLblNormal" title="<ja
  to:getModelFieldValue escape="false" modelClass="com.sun.uwc.common.model.UWCResourceBundleModel" modelName="i18nModel" lookInSessio
  n="true" name="uwc-common-options-tooltip-ChangePassword" defaultValue="Change Password"/>"><jato:getModelFieldValue escape="false"
  modelClass="com.sun.uwc.common.model.UWCResourceBundleModel" modelName="i18nModel" lookInSession="true" name="uwc-common-options-Cha
  ngePassword" defaultValue="Change Password"/></a>--> </div>

• I have never set-up a master password for firefox. Somehow the browser to locked mode, now, and requests a master password. How can I get it to unlock?

  There is no URL line, into which anything may be entered.
  Also, I reinstalled the program as well. No change. Still defaults to a request for a password THAT I HAVE NEVER CREATED.
  Full disclosure: I reached to reconnect a cable, and pressed my chest against my keyboard, while the computer was in sleep mode, with Firefox running in the background. When I stood, the browser was locked. I've tried all passwords I know, and use. No luck. The following addy will not load, even if entered into home page.
  chrome://pippki/content/resetpassword.xul
  Again, no url line opens, which I launch the browser, anymore. I just get the following message:
  Please enter the master password for the Software Security Device.
  Help! Thanks!

  Make sure that toolbars like the "Navigation Toolbar" and the "Bookmarks Toolbar" are visible: "View > Toolbars"
  *Open the Customize window via "View > Toolbars > Customize"
  *Check that the "Bookmarks Toolbar items" is on the Bookmarks Toolbar
  *If the "Bookmarks Toolbar items" is not on the Bookmarks Toolbar then drag it back from the toolbar palette in the customize window to the Bookmarks Toolbar
  **If other missing items are in the toolbar palette then drag them back from the Customize window on the toolbar
  *If you do not see an item on a toolbar and in the toolbar palette then click the "Restore Default Set" button to restore the default toolbar set up
  If the menu bar is hidden then press the F10 key or hold down the Alt key to make the menu bar appear.
  Make sure that toolbars like the "Navigation Toolbar" and the "Bookmarks Toolbar" are visible: "View > Toolbars"
  *Open the Customize window via "View > Toolbars > Customize"
  *Check that the "Bookmarks Toolbar items" is on the Bookmarks Toolbar
  *If the "Bookmarks Toolbar items" is not on the Bookmarks Toolbar then drag it back from the toolbar palette in the customize window to the Bookmarks Toolbar
  **If other missing items are in the toolbar palette then drag them back from the Customize window on the toolbar
  *If you do not see an item on a toolbar and in the toolbar palette then click the "Restore Default Set" button to restore the default toolbar set up

• Obiee 11g How to let user change password

  obiee 11g How to let user change password ？
  i not mean use weblogic console。 normal user how to change password。

  With 11g, OBIEE essentially uses the 10g notion of external authentication.
  By default, this is done by the WLS (Weblogic) LDAP identity store, but it may be done by another supported Authenticator either within WLS, or in the OBIS meta data (i.e. Custom Authenticator or LDAP). As such, OBIEE no longer has any control over user passwords; this is why the steps referenced in note 1102353.1 do not apply to OBIEE 11g, but only to internal/repository-defined users in OBIEE 10g.
  So, as with password maintenance in OBIEE 10g when an external authenticator is used, it is within that external authentication system that password is changed, not within OBIEE 11g. There is no option in OBIEE 11g to allow users to change passwords.
  There are two work-arounds with which you can change your password:
  1) From the Weblogic administration console/WLST.
  You need to give such user access into Weblogic console or access to browse through involved MBean hierarchy and other modify permissions. Changing the password using WLST instance is covered here:
  Ideally, the console and WLST approaches are used by Administration accounts to manage other users. But the console and WLST can be made to allow other users to change passwords (which will be more or less like carrying out an administrative task by users themselves)
  2) Using a programmatic approach.
  Here the application that intends to provide password change functionality to its users should implement this functionality on its own (GUI plus call to the relevant Weblogic API). Weblogic provides an MBean that the application can use to accomplish this. See here for more information.
  An enhancement request exists for this functionality. This is unpublished bug 11836170 - enable non admin users to change passwords in obiee 11g.

• CMC Admin Change Password failure

  Hi,
  Login into CMC for Administrator BOXI3.1 is no longer possible. The Administrator was given 'User must change password at next logon'.
  The logon for an Administrator in a new session is ok. But password change in the subsequent screen fails with msg "You do not have permission to perform the requested action. Please contact the system administrator for details. Please re-enter your password."
  There is only one Administrator in BOXI3.1. Please suggest a solution if any. Is there any reset password script on the command prompt?
  Regards,
  Neonevin.

  Look at the post below  for a workaround on how to reset the admin password to a blank password (Use at own risk)
  CMC asterisks in password field
  Regards,
  Stratos

• User must change password after reset?

  I am looking at the password policy settings and am wondering what "User must change password after reset� actually does. I turned it on. I tried changing some passwords in an ldap client and didnt get any messages or errors after authn again. And I didnt see a special attribute in the persons entry. Any clues?

  When the flag is enabled and the password is changed by "cn=directory manager", the next time the user authenticate, the server returns the Password Expired Control (with a Success code) and all requests other than modify of userPassword are rejected.

• Can't remember my answers for changing password setting

  Can't remember my answers for changing password setting?

  Apple ID Security -
  Telephone Apple Care for your country and ask for the Account Security Team, then request help resetting the questions.

• User having problem changing password on Windows 2008 R2 via remote desktop win7

  I have a remote user in another building with OS 7 remote destkop to Windows 2008 R2 Server.  The users account is set to change password on first login.  when the users trys to change his pw he gets error "Configuration information could not be
  read from domain controller, either because the machine is unavailable, or access has been denied.
  We are not using domain controller on the Windows 2008 R2 Server it is set to workgroup.
  Any help ASAP would be greatly appricated.
  Thanks,
  Rob Jung

  Here is one of the event logs from when the user tried to logging (and change password on the first login):
  Log Name:      Security
  Source:        Microsoft-Windows-Security-Auditing
  Date:          10/13/2011 5:09:11 PM
  Event ID:      4625
  Task Category: Logon
  Level:         Information
  Keywords:      Audit Failure
  User:          N/A
  Computer:      win007.#***.net
  Description:
  An account failed to log on.
  Subject:
   Security ID:  SYSTEM
   Account Name:  WIN9$
   Account Domain:  ***
   Logon ID:  0x3e7
  Logon Type:   2
  Account For Which Logon Failed:
   Security ID:  NULL SID
   Account Name:  Administrator
   Account Domain:  WIN007
  Failure Information:
   Failure Reason:  Unknown user name or bad password.
   Status:   0xc000006d
   Sub Status:  0xc000006a
  Process Information:
   Caller Process ID: 0x254
   Caller Process Name: C:\Windows\System32\winlogon.exe
  Network Information:
   Workstation Name: WIN007
   Source Network Address: 127.
   Source Port:  0
  Detailed Authentication Information:
   Logon Process:  User32
   Authentication Package: Negotiate
   Transited Services: -
   Package Name (NTLM only): -
   Key Length:  0
  This event is generated when a logon request fails. It is generated on the computer where access was attempted.
  The Subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
  The Logon Type field indicates the kind of logon that was requested. The most common types are 2 (interactive) and 3 (network).
  The Process Information fields indicate which account and process on the system requested the logon.
  The Network Information fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
  The authentication information fields provide detailed information about this specific logon request.
   - Transited services indicate which intermediate services have participated in this logon request.
   - Package name indicates which sub-protocol was used among the NTLM protocols.
   - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-Security-Auditing" Guid="{*******}" />
      <EventID>4625</EventID>
      <Version>0</Version>
      <Level>0</Level>
      <Task>12544</Task>
  Rob Jung ADRWeb