Hello,
we are experiencing a funny problem, that is making users laughing at Domino and administrators.
We have many internet applications and DWA7 installed on a couple of clustered Domino server (version 7.0.2 FP2 on Windows server 2003 platform) , and user log to services trough Internet Explorer. We setup Session Authentication method, a single signon is configured between clustered servers (working good), and we also have an explicid policy configured and applied to users. Inside policy, a security settings define password complexity, expiration forcing in 180 days, grace period (1 day), warning period (8 days).
Well, problem is: when user get message to change password because it is going to expire or already expired, they just click on “cancel” button on page or retype URL in web browser, and domino let them work normally, ignoring previous warning. Some users are doing like this since many months bypassing company security rules.
Why Domino shows to users page for changing expired or expiring password (almost in good time, but many times much more before planned date of expiring) and then still accept old password for unlimited time? Grace period is set to 1 day! Is there something so important we are missing in configuration? We are using Domino since many years and this is really first time I see such effect.
Do someone can help please?
Thank you in advance.
Davide Trombini