I am using OpenAM 9.5.4 and OpenDJ 2.4.5, and I am having a problem with "force change on reset".
Here are the steps I took to set up the environment:
1) Added the password service to the default realm:
2) Created a password policy in OpenDJ:
Configure the properties of the Password Policy
Property Value(s)
-------------------------------------------------------
1) account-status-notification-handler -
2) allow-expired-password-changes false
3) allow-user-password-changes true
4) default-password-storage-scheme Salted SHA-1
5) deprecated-password-storage-scheme -
6) expire-passwords-without-warning false
7) force-change-on-add false
8) force-change-on-reset true
9) grace-login-count 0
10) idle-lockout-interval 0 s
11) last-login-time-attribute -
12) last-login-time-format -
13) lockout-duration 0 s
14) lockout-failure-count 0
15) lockout-failure-expiration-interval 0 s
16) max-password-age 2 d
17) max-password-reset-age 0 s
18) min-password-age 0 s
19) password-attribute userpassword
20) password-change-requires-current-password false
21) password-expiration-warning-interval 1 d
22) password-generator -
23) password-history-count 0
24) password-history-duration 0 s
25) password-validator -
26) previous-last-login-time-format -
27) require-change-by-time -
28) require-secure-authentication false
29) require-secure-password-changes false
?) help
f) finish - apply any changes to the Password Policy
c) cancel
q) quit
3) Created a virtual attribute that assigns the password policy to a group of users:
Configure the properties of the User Defined Virtual Attribute
Property Value(s)
-----------------------------------------------------------------------
1) attribute-type ds-pwp-password-policy-dn
2) base-dn The location of the entry in the server is not taken
into account when determining whether an entry is
eligible to use this virtual attribute.
3) conflict-behavior real-overrides-virtual
4) enabled true
5) filter (objectClass=*)
6) group-dn "cn=Users,ou=groups,dc=opensso,dc=java,dc=net"
7) value "cn=OpenSSO Users Policy,cn=Password
Policies,cn=config"
?) help
f) finish - apply any changes to the User Defined Virtual Attribute
c) cancel
q) quit
4) Created a user
When I answer the secret questions through the reset-password screen, I receive an email to reset the password. But supplying the new password (or the old one) gives an "Authentication error".
I looked at the user in the OpenDJ control panel, and the "pwdReset" attribute changed from "false" to "true" as expected. However, if I change it back to "false", it authenticates, but I am not forced to change the password.
Has anyone else had this problem?
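The two interactive dsconfig menus in steps 2 and 3, rewritten as non-interactive commands, plus the ldapsearch that shows what OpenDJ itself holds for the user. This is an added example, not code from the original post or from the OpenDJ or OpenAM projects. The policy name and group DN are the post's; the hostname, ports, bind credentials, the virtual-attribute name and the test user DN are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: non-interactive dsconfig
# commands equivalent to the two interactive menus (steps 2 and 3), then
# the ldapsearch a practitioner would run to check what OpenDJ itself holds
# for the user. Host, ports, bind credentials, virtual-attribute name and
# the test user DN are assumptions; policy name and group DN are the post's.
OPENDJ_HOST="${OPENDJ_HOST:-localhost}"
ADMIN_PORT="${ADMIN_PORT:-4444}"     # administration connector (dsconfig)
LDAP_PORT="${LDAP_PORT:-1389}"       # LDAP port (ldapsearch)
BIND_DN="${BIND_DN:-cn=Directory Manager}"
BIND_PW="${BIND_PW:-password}"
POLICY_NAME="OpenSSO Users Policy"
POLICY_DN="cn=$POLICY_NAME,cn=Password Policies,cn=config"
GROUP_DN="cn=Users,ou=groups,dc=opensso,dc=java,dc=net"
USER_DN="${USER_DN:-uid=jdoe,ou=people,dc=opensso,dc=java,dc=net}"  # assumed test user

# Run a command, or print it when DRY_RUN=1 or the tool is not on PATH.
run() {
    if [ "${DRY_RUN:-0}" = 1 ] || ! command -v "$1" >/dev/null 2>&1; then
        printf '%s ' "$@"; printf '\n'
    else
        "$@"
    fi
}

# Step 2: the password policy, setting only the properties the menu above
# shows changed from their defaults.
create_password_policy() {
    run dsconfig create-password-policy \
        --hostname "$OPENDJ_HOST" --port "$ADMIN_PORT" \
        --bindDN "$BIND_DN" --bindPassword "$BIND_PW" --trustAll --no-prompt \
        --policy-name "$POLICY_NAME" \
        --set "default-password-storage-scheme:Salted SHA-1" \
        --set password-attribute:userPassword \
        --set force-change-on-reset:true \
        --set max-password-age:2d \
        --set password-expiration-warning-interval:1d
}

# Step 3: a user-defined virtual attribute that gives every member of the
# group a ds-pwp-password-policy-dn pointing at the policy. With the default
# conflict-behavior (real-overrides-virtual) a real value stored on the entry
# still wins, which is one thing to check when the policy seems ignored.
create_policy_assignment() {
    run dsconfig create-virtual-attribute \
        --hostname "$OPENDJ_HOST" --port "$ADMIN_PORT" \
        --bindDN "$BIND_DN" --bindPassword "$BIND_PW" --trustAll --no-prompt \
        --type user-defined --name "$POLICY_NAME assignment" \
        --set enabled:true \
        --set attribute-type:ds-pwp-password-policy-dn \
        --set "group-dn:$GROUP_DN" \
        --set "value:$POLICY_DN"
}

# Check: ds-pwp-password-policy-dn and pwdReset are operational attributes,
# so they must be requested by name. If the virtual attribute resolves to the
# policy and pwdReset is TRUE, OpenDJ lets the bind succeed but refuses other
# operations until the password is changed, and reports this through the
# password policy response control; the application binding on the user's
# behalf (OpenAM here) has to understand that control for the flow to work.
show_user_policy_state() {
    run ldapsearch \
        --hostname "$OPENDJ_HOST" --port "$LDAP_PORT" \
        --bindDN "$BIND_DN" --bindPassword "$BIND_PW" \
        --baseDN "$USER_DN" --searchScope base "(objectClass=*)" \
        ds-pwp-password-policy-dn pwdReset pwdChangedTime
}

create_password_policy
create_policy_assignment
show_user_policy_state
```

Run it with DRY_RUN=1 first to see the exact dsconfig and ldapsearch invocations; without dsconfig or ldapsearch on PATH it also only prints them. The ldapsearch is the useful part when debugging the post's symptom: it separates "OpenDJ never applied the policy to this entry" from "OpenDJ applied it, but the client in front of it does not handle the resulting bind behaviour".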
Posted on 2012-04-23 03:28:55
Your setup assumes that OpenAM 9.5.4 fully supports the OpenDJ password policy features. However, this is not the case. I suggest you look at the archives of the OpenAM mailing list, as this has been discussed several times.
Regards,
Ludo
https://stackoverflow.com/questions/10111675