[ngw] Slighty OT - Universal Passwords

Joe Brugaletta JBrugaletta at braytonlaw.com
Fri Oct 28 16:39:10 UTC 2016


Or.. get rid of the Novell client and login to AD alone.. :)
Are you using the bundled IDM that you get with NOWS or do you have full IDM?

NOTICE: This email and all attachments are CONFIDENTIAL and intended SOLELY for the recipients as identified in the "To", "Cc" and "Bcc" lines of this email.  If you are not an intended recipient, your receipt of this email and its attachments is the result of an inadvertent disclosure or unauthorized transmittal.  Sender reserves and asserts all rights to confidentiality, including all privileges that may apply.  Pursuant to those rights and privileges, immediately DELETE and DESTROY all copies of the email and its attachments, in whatever form, and immediately NOTIFY the sender of your receipt of this email.  DO NOT review, copy, forward or rely on the email and its attachments in any way.
 
NOTICE: NO DUTIES ARE ASSUMED, INTENDED OR CREATED BY THIS COMMUNICATION.  If you have not executed a fee contract or an engagement letter, this firm does NOT represent you as your attorney.  You are encouraged to retain counsel of your choice if you desire to do so.  All rights of the sender for violations of the confidentiality and privileges applicable to this email and any attachments are expressly reserved.

>>> "James Taylor" <James.Taylor at eastcobbgroup.com> 10/28/2016 9:29 AM >>>
IDM would honestly be your best solution. Anything else would require nearly as much admin effort as you have now.
Also, IDM includes Self Service Password Service, which includes forgotten password and a people search option.
However, you can use the Novell client to change passwords on the windows client, but I'm not sure of that passes through to AD.
And there is an free, open source version of sspr, but it requires more set up. It doesn't have the preconfigs for AD and eDir.
My usual setup with IDM is to point the SSPR to the identity vault. eDir has better password policy management in my opinion.
-jt

James Taylor
678-697-9420
james.taylor at eastcobbgroup.com



>>> "Joe Brugaletta" <JBrugaletta at braytonlaw.com> 10/28/2016 11:37 AM >>> 
Finally getting around to doing this.. we currently have Edir/Ad/GW passwords that we have to maintain.. not very secure ones either and maintained by IT department. I'm looking to implement stronger passwords and have them preferably sync to AD, also enable a Forgot Password type thing on the client. Users login to the OES Client initially, which passes credentials to the computer (domain joined), then zenworks, and login succeeds.  GW *could* have a separate password, which they'd have to login again to the GW client, but most are the same. We're also using GW Mobility, if that comes into play. 

If I enable LDAP Auth to GW.. that would remove having to maintain gw password, right?

Anyone know if you can have the OES client change the AD password and how well it works?

I don't think I need to go the IDM route.. but maybe..

Thanks for any insight/experiences!


NOTICE: This email and all attachments are CONFIDENTIAL and intended SOLELY for the recipients as identified in the "To", "Cc" and "Bcc" lines of this email.  If you are not an intended recipient, your receipt of this email and its attachments is the result of an inadvertent disclosure or unauthorized transmittal.  Sender reserves and asserts all rights to confidentiality, including all privileges that may apply.  Pursuant to those rights and privileges, immediately DELETE and DESTROY all copies of the email and its attachments, in whatever form, and immediately NOTIFY the sender of your receipt of this email.  DO NOT review, copy, forward or rely on the email and its attachments in any way.
NOTICE: NO DUTIES ARE ASSUMED, INTENDED OR CREATED BY THIS COMMUNICATION.  If you have not executed a fee contract or an engagement letter, this firm does NOT represent you as your attorney.  You are encouraged to retain counsel of your choice if you desire to do so.  All rights of the sender for violations of the confidentiality and privileges applicable to this email and any attachments are expressly reserved.




_______________________________________________
ngw mailing list
ngw at ngwlist.com
http://ngwlist.com/mailman/listinfo/ngw





More information about the ngw mailing list