• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 872
  • Last Modified:

Set Password Admin

We are trying to use the Set Password Admin utility.  Unfortunately, this product is free and unsupported from Novell.  If you are familiar with the utility you know that it allows a user to change passwords without having administrative rights.  We find this extremely promising to reduce the call volume to our Network Support team, by allowing the first level help desk personnel to reset users' passwords.

Here's the problem:  On our network we require users to use Unique passwords.  The setpassword utility doesn't work in this situation.  Here's why...  The utility changes the password to a default password hardcoded in the utility.  Then it uses the existing APIs to allow the SetPass Admin to change the password normally through a new tab in NWAdmin.  It is a new tab, but, like I said, it uses the existing APIs to perform the change of password.  The thing is that after one reset on a user's password, the setpass utility won't work anymore - since the hardcoded password exists in the password history for that user.

If anyone has found a work around for this - or even changed the code (C++ - available with the utility in the download) I would really appreciate their input.
0
calger
Asked:
calger
1 Solution
 
JBirkmannCommented:
define a Group for the first level help desk personnel and
assign only the object property rights for changing unique passwords. The members of the group now can change the unique password property of all users.
If an user has forgotten his password, the help desk members have to change the unique password property, then they can use the change password admin utility, after that they have to reset the unique password property (to activ)
0
 
calgerAuthor Commented:
We have thought about that - but we don't want to have to constantly administrate this function.  As new sites are added (at the speed of 4-12 servers per week - whew!) we would have to constantly update these users' rights.  We want a one stop fix for this solution.  I guess the best thing would be if someone has modified the code, or could modify the code.  Or someone who knows of a similar utility.

I appreciate the thought!
0
 
saar2Commented:
I don't know how to slove your problem but anyway - it is strange.

Novell says that you must have rights to the user ACL to change its password - I can't understand how the program does it. If you realy can change the user password with no rights this mean a big hole in the security (a ragular user can change the admin user?!).

If you do have the rights for the ACL just use the Novell's Setpass:

Setpass <Username>

Where can I download this program?

Saar Carmi.

0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
calgerAuthor Commented:
SAAR - The utility should be downloadable from the Developers site.  It was written up in a late issue of AppNotes.

There is an NLM that is loaded on one fileserver - this provides the hook into NDS.  It also requires a schema extension.  NWAdmin interfaces with the NLM and allows a common user with no rights to be able to change passwords.  The NLM changes the user's password to a common, known password and then the NWAdmin piece can change the password using the SETPASS API.  Since NWAdmin is already aware of the common password it performs this action:

SETPASS <Username> <Common Password> <New password as defined by the Setpass Admin> <Verify Password>

SAAR - I know you do programming.... do you know C++ well enough to modify the code if you had it?  And if so, do you have an NLM compiler?

Also, I have spoken with an SE at Novell - The original developer of this utility has left Novell.  A new developer in Europe has recently taken on this code and I have requested a code change from him.  But if someone already has performed this change, why reinvent the wheel?
0
 
calgerAuthor Commented:
0
 
calgerAuthor Commented:
I doubled the points since I'm asking for someone to actually do some coding.  If anyone thinks the number of points assigned to this questions is unfair, let me know - I have plenty to share......
0
 
calgerAuthor Commented:
My contacts with Novell are forwarding me a new revision of the code with the changes supposedly built in.  If anyone would like to see this code after I receive it, let me know via email.
0
 
calgerAuthor Commented:
The new revision of the code from Novell works.
0
 
jstegallCommented:
Check Darwin Collins web site:
http://www.fastlane.net/homepages/dcollins/welcome.shtml

N4pass is the utility I use, it can be configured to use random or fixed passwords and you can exclude users or groups from the
list it can change,  like Admin your backdoor user or anyone.
0
 
calgerAuthor Commented:
Thanks!  I did look into that utility that you mentioned.  It does everything we need it to do, and more.....too much more.... haha

We're going to stick with the corrected utility from Novell - but thanks for the URL - we're keeping it in case we decide to expand the abilities of our Help Desk.

Thanks again!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now