Hi guys,
I have configured Access manager for authentication with ADS (active directory server) but with i reset the users password on ADS and try logging with the old password it still gets authenticated is this a bug in ADS? I faced the same issue when i used Jxplorer to connect to ADS.
Thanks
Shilu.
Guys i got it myself....:)
Microsoft Windows Server 2003 Service Pack 1 (SP1) modifies NTLM network authentication behavior. After you install Windows Server 2003 SP1, domain users can use their old password to access the network for one hour after the password is changed. Existing components that are designed to use Kerberos for authentication are not affected by this change.
How to change the lifetime period of an old password
Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall your operating system. Microsoft cannot guarantee that these problems can be solved. Modify the registry at your own risk.
To change the lifetime period of an old password, add a DWORD entry that is named OldPasswordAllowedPeriod to the following registry subkey on a domain controller:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
To do this, follow these steps:
1.Click Start, click Run, type regedit, and then click OK.
2.Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3.On the Edit menu, point to New, and then click DWORD Value.
4.Type OldPasswordAllowedPeriod as the name of the DWORD, and then press ENTER.
5.Right-click OldPasswordAllowedPeriod, and then click Modify.
6.In the Value data box, type the value in minutes that you want to use, and then click OK.
Note The lifetime period is set in minutes. If this registry value is not set, the default lifetime period for an old password is 60 minutes.
7.Quit Registry Editor.
