I am testing the Check Password functionality. I have 10 test user’s (s1-s10) who have the option turned on in their person document. On all 10 I logged in and changed the password, making sure to authenticate with the server. On 6 of the 10 accounts, the admin process updated the password digest field with the new password. It also locked out all other id’s with the wrong password. On the other 4, it updated the password digest field, but did not lock out other ids with different passwords.
I then tried clearing the password digest field in the 4 trouble person documents. Admin help states that when the password digest field is cleared, the first id to authenticate with the server will populate the field with its password. So, I logged in once with each id, expecting that to happen. The admin process did not update any of the person documents. Next, I tried logging in at another computer with the 4 ids. Each time I logged in, I changed the password. This time, the admin process did update the person documents for all 4. Yet, I was still able to login with a different password for 3 of the 4 accounts. Only 1 started working properly.
So now I’m left with three accounts that refuse to work properly. Has anyone else implemented the check password option with better results? I want to get a better handle on this before I enable it on real user accounts. Thanks.
By the way, I did enable “check passwords on notes id” in the server document.
Subject: adminp delays
Servers don’t generally modify the directory directly – they create an adminp entry, and then the adminp process (on the “hub” server) modifies the directory. If the local server is the adminp server, then you should be able to accelerate the process with “tell adminp p a”.
Subject: RE: adminp delays
Overall, the behaviour of the administration requests seems erratic. In testing the 4 problem id’s this morning, I noticed three problems. (when I refer to administration request, I am specifically referring to the “change user password in domino directory” request)
-
The administration request would be created and immediately processed. Yet, I could still login with different passwords. It was if the password checking option was not enabled for the user
-
In one instance, two identical administration requests were created and processed one after another. I was still able to login using different passwords for the same user.
-
No administration request would be created, even after clearing the password digest field.
Subject: Couple of things to check
- I assume that the admin process is running on the server?2) Is there an adminpinterval set in your notes.ini - if so, how long is it?
Check your admin4.nsf for entries refering to each user - that it is logging that the new passwords are being logged in the Directory.
Anyone else got any suggestions?
Subject: RE: Couple of things to check
adminp is running. for the users in which password checking is working, I have corresponding log entries in the admin4.nsf. I believe adminpinterval is an obsolete parameter. At least that’s what notes admin help says. adminp is listed in the servertasks parameter, so I’m assuming it runs all the time.