Re: Password Change Script Problems

From: David Wang [Msft] (someone_at_online.microsoft.com)
Date: 11/01/03


Date: Fri, 31 Oct 2003 20:52:48 -0800

Does http://support.microsoft.com/?id=251404 affect this?

-- 
//David
IIS
This posting is provided "AS IS" with no warranties, and confers no rights.
//
"Jim Mc" <jim.mc@zolx.com> wrote in message
news:n2a4qvs3kdte5kodnoc8i32v7psk3qojuj@4ax.com...
On Thu, 30 Oct 2003 22:10:16 -0800, "David Wang [Msft]"
<someone@online.microsoft.com> wrote:
>Describe in detail how you've set up the pages, including authentication
>methods enabled and ACLs on the password change files.  Also, are you using
>the .ASP version of the password change scripts?
>
>We're talking about password changing here, which is a privileged operation
>walking a fine-line in security.  Any mistake, and it's over.
I did a little bit more debugging and it appears that the only thing
not working is that the form fields aren't making it to the achg.htr
script.
If in that script I do something like hard coding:
domain = "MYDOMAIN"
username = "myuser"
and
pUser.ChangePassword "somepassword", "somenewpassword"
then the password is changed successfully and the user can then access
the protected web site.