Enforce password change

navnet · 2009-10-22

I want to enforce users to change password after certain interval in NAV 5. Possible?

bbrown · 2009-10-22

Use Windows Authentication and control your password rules at the domain level. You can also set password rules in SQL for database logins but the warning message do not pass thru to the NAV client, so the users would not get the "change your password" warnings.

navnet · 2009-10-22

I m using native database and moving to SQL server isa plan for 2010. Can I use some sort of password expiry meachnism on such native database. This means users have to enter new passsword however their username will be valid throughout the year.

bbrown · 2009-10-22

Switch to Windows Authentication as noted above.

navnet · 2009-10-22

Do I need to conatct a System Adminitrator for this or it is very simple that even I can do. (I am a starter in NAV and have mediocre IT knowledge)

bbrown · 2009-10-22

If the users already have domain logins accounts, you can add them to NAV as Windows Users and assign them roles. You will need to work with the System Admin to establish the password policy. This will be a system wide policy and not just for NAV. Very likely they have one already.

navnet · 2009-10-22

Thanks. We already have such authentication implemented for Outlook. I was just wondering if it works the same way for NAV too. does that mean we need to use Windows logon? I will chek with sys admin too.

bbrown · 2009-10-22

Yes

navnet · 2009-10-22

thanks..will comeback after 12 hours.

gerdhuebner · 2009-10-22

navnet wrote:

I want to enforce users to change password after certain interval in NAV 5. Possible?

It should be possible with some customization. You will need an extra table to store the old user passwords together with the date of latest change. Every time a user logs in you will have to check in codeunit 1, whether the password will expire soon and throw an appropriate warning if it's true. Furthermore you will have to store a changed password in the extra table together with the date when the change has been noticed. This can be done easily, if you compare the active password with the stored one every time the user logs in. The stored passwords are of course encrypted (you only need to store the field "Password" from the table "User"). In case the time period has been exceeded without change, it should not be possible to open a company (so the user has the chance to change his password, nevertheless).

Alex_Chow · 2009-10-23

Don't customize... Use the existing feature that's already in place. Using windows authencation, according to Microsoft, is more secure.

gerdhuebner · 2009-10-23

Alex Chow wrote:

...Using windows authencation, according to Microsoft, is more secure.

Windows authentication is the easiest way to implement a forced password change. Furthermore, there are "on board" mechanisms to ensure a "secure" password (minimal length, etc.). But there may be problems with windows authentication, if you don't have a homogeneous domain topology...

Enforce password change

Comments

Categories