Re: Automatic Password Reset



Mohamed

You would have to perform the following steps:

1) Create a new application pool on the IIS server.
2) Assign an account that has privileges to change users' passwords to
that application pool.
3) Create a new virtual website on the IIS server.
4) Assign the newly created application pool to the virtual website.
5) Then place your ASPX script, which includes the code for the
challenge/response and the code to change the password, in the virtual
website.

The task will take about 20 hours if you are new to IIS and ASPX.

saqib
http://www.full-disk-encryption.net


On 6/5/07, Mohamed Farid <mfarid@xxxxxxxxxxx> wrote:
Dear Saqib:
Where exactly should I add this code?
Please help me more because I don't have the experience for editing
web pages ...

Thanks ,,,
Mohamed Farid ,,

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Ali, Saqib
Sent: Monday, June 04, 2007 8:55 PM
To: Mohamed Farid
Cc: security-basics@xxxxxxxxxxxxxxxxx
Subject: Re: Automatic Password Reset

This can be easily done using a small ADSI script running on the same
server as your Web Interface Server (NFuse).

Here is the ASPX code that will do the trick:
---------------------------------------------
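Imports System.DirectoryServices

' Bind to the user object in AD
Dim user As New DirectoryEntry("LDAP://" & userDomain & "/" & userDN)
' Reset the password; requires reset-password rights on the account
user.Invoke("SetPassword", newPassword)
' -1 sets pwdLastSet to the current time
user.Properties("pwdLastSet").Value = -1
user.CommitChanges()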
-------------------------------------


Of course you will have to write some code for the challenge questions
and look up the user in the AD using LDAP calls.

saqib
http://www.full-disk-encryption.net


On 6/4/07, Mohamed Farid <mfarid@xxxxxxxxxxx> wrote:
> Dear All :
>
> I have Citrix 4.0 implemented at my company and a lot of users are
> logging in to it using the web interface technique...
> I need a way to make the users automatically reset their passwords if
> they forget them by going through some pre-configured questions and
> answers ..
>
> I need some application names which are doing that ...
> I saw sort of them in the past but I failed to find them ...
>
> Mohamed Farid ,,


--
Saqib Ali, CISSP, ISSAP
http://www.full-disk-encryption.net
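
The thread leaves the AD lookup and the challenge-question check to the reader. The block below is an added example, not code from the thread: it escapes the logon name before building the LDAP filter and compares a submitted answer against a salted PBKDF2 hash in constant time. It assumes .NET Framework 4.7.2 or later; `ResetHelper`, `ldapRoot`, `salt`, `storedHash`, the answer normalization and the iteration count are hypothetical choices.

```vbnet
Imports System
Imports System.DirectoryServices
Imports System.Security.Cryptography
Imports System.Text
' Added example: ResetHelper and its parameter names are hypothetical.
Public Module ResetHelper
    ' Escape LDAP filter metacharacters (RFC 4515) so user input cannot alter the filter.
    Public Function EscapeLdapFilter(value As String) As String
        Dim sb As New StringBuilder()
        For Each c As Char In value
            Select Case c
                Case "\"c : sb.Append("\5c")
                Case "*"c : sb.Append("\2a")
                Case "("c : sb.Append("\28")
                Case ")"c : sb.Append("\29")
                Case ChrW(0) : sb.Append("\00")
                Case Else : sb.Append(c)
            End Select
        Next
        Return sb.ToString()
    End Function
    ' Resolve a logon name to its distinguished name; returns Nothing if not found.
    Public Function FindUserDN(ldapRoot As String, logonName As String) As String
        Using root As New DirectoryEntry(ldapRoot)
            Using searcher As New DirectorySearcher(root)
                searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" &
                                  EscapeLdapFilter(logonName) & "))"
                searcher.PropertiesToLoad.Add("distinguishedName")
                Dim hit As SearchResult = searcher.FindOne()
                If hit Is Nothing Then Return Nothing
                Return CStr(hit.Properties("distinguishedName")(0))
            End Using
        End Using
    End Function
    ' Check an answer against its stored salted hash without an early exit on mismatch.
    ' Assumption: answers were enrolled trimmed and lower-cased, with the same salt and count.
    Public Function AnswerMatches(answer As String, salt As Byte(), storedHash As Byte()) As Boolean
        If storedHash Is Nothing OrElse storedHash.Length = 0 Then Return False
        Using kdf As New Rfc2898DeriveBytes(answer.Trim().ToLowerInvariant(), salt, 100000, HashAlgorithmName.SHA256)
            Dim derived As Byte() = kdf.GetBytes(storedHash.Length)
            Dim diff As Integer = 0
            For i As Integer = 0 To storedHash.Length - 1
                diff = diff Or (derived(i) Xor storedHash(i))
            Next
            Return diff = 0
        End Using
    End Function
End Module
```

Call `SetPassword` only after every challenge answer matches, and count failed attempts per account so the questions cannot be guessed without limit.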





