Educause Security Discussion mailing list archives
Re: Changing Domain Passwords
From: John Washington <jawashin () UIUC EDU>
Date: Mon, 21 Jun 2010 14:57:42 -0500
I will admit that I would have opted for a kpasswd based solution (for website and/or client), as it is easier. Why do you disable password changes from domain PCs? We have an external website for password reset as well but did not disable any other reset mechanisms. * Kevin Halgren <kevin.halgren () washburn edu> [2010-06-21 11:11]:
While not exactly like your situation, we are looking at a similar issue and intend to address it in the following way: Disable password change from domain PCs (no more ctl-alt-del -> Change Password) Direct users to a web page to perform password resets. This web page runs a script that reaches out to each of our directory/authentication systems and performs an LDAP command to change the password. Active Directory supports LDAP password changes if and only if you process it over an SSL-secured LDAP connection (port 636). You can find more info by doing a Google search for "Active Directory LDAP change password" Kevin -- Kevin Halgren Assistant Director - Systems and Network Services Washburn University (785) 670-2341 kevin.halgren () washburn edu<mailto:kevin.halgren () washburn edu> On 6/21/2010 10:46 AM, STEVE MAGRIBY wrote: Our students have always changed their domain (Active Directory) password through Outlook Web Access (Exchange 2003). However, we recently outsourced our student email to MS Live@edu. Now we are wondering how students will be able to change his/her password without coming on campus and logging into a domain workstation. If we use Live@edu’s SSO (single sign-on) students will still need to be on the domain to change their domain password. If any other schools have outsourced student email we would be grateful to hear of solutions for changing passwords in the domain (Active Directory) either without being on campus. Thanks for any information you can provide.
-- John Washington Network Security Officer, University of Illinois Urbana-Champaign
Current thread:
- Changing Domain Passwords STEVE MAGRIBY (Jun 21)
- Re: Changing Domain Passwords Kevin Halgren (Jun 21)
- Re: Changing Domain Passwords John Washington (Jun 21)
- Message not available
- Re: Changing Domain Passwords Kevin Halgren (Jun 24)
- Re: Changing Domain Passwords Kevin Halgren (Jun 21)
- Re: Changing Domain Passwords Gregg, Christopher S. (Jun 21)
- Re: Changing Domain Passwords Miller, Richard (Jun 21)