Posts Tagged ‘HTTP’

old password + new password = confusion

Today, I was testing the “Force user to change Internet Password on next login:” option on the last tab of the person document.

I wanted to set an HTTP password for several users that will only be POP3 clients, and set the “Force user to change Internet Password on next login:.” I wanted to do this so that we could have remote admins at that site change the user’s password through the web interface and then setup the Outlook client to connect to Domino via POP3 – all without giving the remote non-Domino admin access to our directory. They are in Brazil, we are in Hong Kong and there are 300 users, so it’s a logistical issue. It’s a long story why outlook and why POP3….don’t ask.

I set a password of 87654321 on one account, forced replication to the remote server, used IE to login, which presented me with a change password dialog. I changed the password to 12345678, and it let me on in to the mailbox.

I then noticed that I could login with both the old and new password. ????
I ran “tell adminp process all” on each server involved and replicated both admin4.nsf and names.nsf, and then repeated the process of both tell adminp and manual replication to make sure that adminp had finished all it needed to finish for the password change process to complete.

Still, I could login with both passwords = me confused.

I searched the Notes 6/7 discussion forum and then found a couple of documents in the administrator help which explain that this is a caching issue. By default the old password is cached for 48 hours to alleviate any confusion between HTTP access on multiple servers, and adminp and/or replication delays.

Look at the administrator documents titled for the full explanation:
Caching Internet password changes for SSO


I'm currently available
for Lotus Notes / Domino consulting engagements.


Connect with me: