Sunday, July 12, 2009

Password Reset Behavior

The Sun Directory Server Password Policy settings include a "Password Reset" feature.

This forces:
  1. A new user to change the password at first login
  2. An existing user to change the password after an administrator's reset (Forget Password)
 


Once this Password Policy is created, you can see something like this:

dn: cn=CustomPasswordPolicy,dc=abc,dc=com
objectClass: top
objectClass: pwdPolicy
objectClass: LDAPsubentry
cn: CustomPasswordPolicy
pwdMustChange: TRUE
pwdattribute: userPassword

If this Password Policy is assigned to a user, a read-only attribute, pwdReset, appears in the user's entry when either of the two conditions above occurs.

When pwdReset is TRUE, the user is forced to change the password at the next login.

Note: pwdReset can only be modified by the Directory Server.
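
An added example, not from the original post: a Python audit over an LDIF export that reports which users have pwdReset set to TRUE under a policy with pwdMustChange: TRUE. The user entries are constructed, and pwdPolicySubentry as the attribute that assigns the policy to a user is an assumption, since the post does not name it.

```python
import base64

# Constructed sample export; pwdPolicySubentry as the policy pointer is an assumption.
SAMPLE_LDIF = """\
dn: cn=CustomPasswordPolicy,dc=abc,dc=com
objectClass: pwdPolicy
pwdMustChange: TRUE

dn: uid=alice,ou=people,dc=abc,dc=com
pwdPolicySubentry: cn=CustomPasswordPolicy,
 dc=abc,dc=com
pwdReset: TRUE

dn: uid=bob,ou=people,dc=abc,dc=com
pwdPolicySubentry:: Y249Q3VzdG9tUGFzc3dvcmRQb2xpY3ksZGM9YWJjLGRjPWNvbQ==

dn: uid=carol,ou=people,dc=abc,dc=com
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} with lowercased keys; handles folding and '::'."""
    entries = {}
    for block in text.replace("\r\n", "\n").replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, rest = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if rest.startswith(":"):  # "attr:: value" carries a base64 value
                rest = base64.b64decode(rest[1:].strip()).decode("utf-8")
            attrs.setdefault(name.lower(), []).append(rest.strip())
        if "dn" in attrs:
            entries[attrs["dn"][0].lower()] = attrs
    return entries

def is_true(attrs, name):
    return any(v.upper() == "TRUE" for v in attrs.get(name, []))

def audit(entries):
    report = {}
    for dn, attrs in entries.items():
        if "pwdpolicy" in (v.lower() for v in attrs.get("objectclass", [])):
            continue  # skip the policy entries themselves
        policy = entries.get(attrs.get("pwdpolicysubentry", [""])[0].lower(), {})
        if not is_true(policy, "pwdmustchange"):
            report[dn] = "no-forced-change"  # no pwdMustChange policy in this export
        else:  # pwdReset TRUE means the change is still outstanding
            report[dn] = "change-pending" if is_true(attrs, "pwdreset") else "ok"
    return report
```
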




There is a nice article about the Sun Access Manager Password Reset function.

