Re: [IUG] Setting Password Policies
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
At 12:03 AM 07/17/2008, Edward wrote:
We have not yet established policies, as I am trying to determine
whether this options applied only to Millennium client logins, or
can it be applied to the 'initial'/password combination. The manual
is not clear on this. If anyone knows the answer, I would love to hear. :)
It seemed clear to me that it applies only to logins, but in the
absence of hard information I usually say "let's just turn the darn
thing on and see what happens." On our system, when you turn the
darn thing on, this is what happens (YMMV):
- The policies apply to Millennium logins only.
- All existing logins were exempted from the policies after I turned
it on. You have to specifically "un-exempt" a login for the policies to apply.
- When you create a new login, it is exempt from the policies by default.
- If a manager changes a password for a login via "Edit Login",
there's a checkbox to require the login to change the password on
first use. It appears that a manager-set password is not subject to
the policies, but it's hard to tell for sure in light of the fact that...
- ...most of the password composition policies don't work---only the
minimum length and numeric character minimum were applied. Forcing a
change on first login works and the limit login setting works; I
haven't played with the expiration policy.
Let me stress that your mileage may vary---it's hard to believe that
this feature got out of beta in such a flawed state, so it could be
something funky with our system.
Bob "off to open a call" Duncan
Robert E. Duncan
Editor of IT Communications
Easton, PA 18042
duncanr at lafayette dot edu