I have a client using the WebClient for non-employees. They are therefore created in NAV as users with NavUserPassword to avoid having them created in the Active Directory. So far so good.
Now they would like to setup different rules regarding their password - just like their AD users.
* Block login after X invalid attempts
* Password should be at least X chars and include special chars etc.
I guess it might be possible to solve the first requirement by reading in the event log of the NAV server, and search for failed logins. But it will not be a very nice solution - can it be done in a better way?
The only way to solve no. 2, is by trying to brute-force the password. Or do you have a better suggestion?
My only other suggestion, is to create them in the AD, but the client would like to avoid that.