Solved

Password expiration warning

Posted on 2004-08-28
12
955 Views
Last Modified: 2012-06-21
In the Netware world, it's common to use "gracelogins": When the password *has* expired, the user can log in some number of times.  

I'd like to disable "gracelogins", and use a model based on "early warnings" instead: Upon login, the system should warn the user if the password is *about* to expire: If it will expire in some number of days.

The question is: Does the Novell Windows client contain such functionality? If not, which kind of add-on software can solve this? Free software alternatives are preferred.
0
Comment
Question by:astrand
  • 5
  • 3
  • 2
12 Comments
 
LVL 35

Expert Comment

by:ShineOn
Comment Utility
I haven't done forced changes lately, but when I did a few years ago, it seems to me that it would warn that your password was going to expire, before actually saying it was expired.  Maybe I'm thinking of something else.

Are you saying that you are not using the Novell Client32, or that you are and want to know if there's a setting to change on the client side for this?

What version of the Novell Client32 software are you using, and what version of NetWare are you running?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Short answer: Yes. Sort of.

Long answer: Yes - altho you didn't bother to specify your version of NetWare, or the exact client platform, or the version of the NetWare Client, the NetWare client has had this functionality for literally decades, since the days of the DOS monolithic client (the one you had to compile on-site, remember that?). You do this using login script commands. However: if you, as most people in the Windoze environment do, hide or quickly close the login results screen, then the user is not going to see the warning.

You can, in the login script, print a warning message to the user, like so:

WRITE "You password will expire in %PASSWORD_EXPIRES days"

If you do hide the login results screen (or have it close as soon as the script completes, which on most systems amounts to the same thing), then you might do better to test the value of PASSWORD_EXPIRES and if it is below a certain point, execute an external program to put a message on the user's screen, like so (mind you, its been years since I've done this sort of login script programming, so treat this as pseudo-code and not actually ready-to-be-run code):

IF %PASSWORD_EXPIRES < 5 THEN
  @POPUP_PROGRAM_NAME_HERE Your password will expire soon! Click the red N to change it!
ENDIF

Here's a helpful page for the Windoze XP/NT v4.8-9 client that discusses the variables available and how to use them: http://www.novell.com/documentation/noclienu/index.html
0
 
LVL 2

Author Comment

by:astrand
Comment Utility
I was hoping for a solution that would work on most recent Netware versions: different customers have different versions. NW 6.0 and 6.5 is most interesting.

For the client: We can assume that a recent version of the Windows Client32 is used: Something like 4.7 or newer. There's no need to support other client platforms right now.

>then you might do better to test the value of PASSWORD_EXPIRES and if it is below a certain point, execute an external program to put >a message on the user's screen,

Interesting. Anyone knows of a suitable external program?

Also, I forgot to tell: I want the users to be able to change password from the warning dialog. Is it possible to trigger Netwares native password change dialog from a script?
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
Novell Client 32 v4.7 is *not* a "recent version" of that client. Its at least a year or so old, which makes it long of tooth, to say the least. Its not even a supported version. Latest is v4.90 SP2B (aka v4.90.2B) - support extends back to v4.8.

The solution I propose will work on practically every version of NetWare, from the ancient v3 days thru to now. The drawback is that, unless you leave the Client 32 login results screen open for users to read (meaning they gotta click OK to close it), the users will miss it.

For a suitable 3rd party app, I suggest you look at NetWareFiles.com, specifically the Login tools (http://www.netwarefiles.com/login.htm). I checked there quickly and noted WDisplay, which is a bit old --> http://www.virtualroberts.com/software/WDISPLAY.ZIP

You should probably also take a look at the password management utilities there --> http://www.netwarefiles.com/passmgmt.htm

Also check out http://www.portlock.com

I think it is possible to call the change password utility from the Login script....if you don't mind using the old DOS interface, just use @SETPASS (include the path if you want - I dunno your drive mappings or search drives). I'm not sure how to call the Windoze-pretty interface.
0
 
LVL 2

Author Comment

by:astrand
Comment Utility
A DOS-like solution in the login results screen window is not acceptible; it must be a GUI. I've checked the links above, but cannot find anything like that.

So, I guess what I'm looking for is basically a GUI-variant of @SETPASS.

I'm raising to 400 points.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 35

Accepted Solution

by:
ShineOn earned 400 total points
Comment Utility
Spend $500 for WinBatch+Compiler and roll your own executable that will pop up a window and tell the user their password will expire in x days, giving them buttons to press or whatever, if they want to ignore it or change it or...

WinBatch can GUI-ize dang near anything you want, and has an extender made for modern NetWare.

If you want if for free, then you might find something on Cool Solutions that an admin has written already.   Like this one:  http://www.novell.com/coolsolutions/tools/1911.html

0
 
LVL 2

Author Comment

by:astrand
Comment Utility
The PassXchk looks promising. But: The doc says the "passchg.exe" program should be included, but it's not!
0
 
LVL 2

Author Comment

by:astrand
Comment Utility
0
 
LVL 2

Author Comment

by:astrand
Comment Utility
I will probably accept ShineOn:s solution, but I'll need to test it first.
0
 
LVL 34

Expert Comment

by:PsiCop
Comment Utility
I didn't even get any points, so it didn't affect me, but I thot the grade was low. Glad to see the Asker is reconsidering.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Describes a method of obtaining an object variable to an already running instance of Microsoft Access so that it can be controlled via automation.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now