IBM Support

LO78427: "RESET PASSWORD" IN ID VAULT MEET ERROR "YOU HAVE USED THIS PASSWORD BEFORE, PLEASE CHOOSE AN NEW ONE"

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as user error.

Error description

  • Steps to reproduce:
1.Register user1 and user2 under /acme with the same
original notes password
"111".
2.Create id vault for org acme via orgnization policy,enable
"check passowrd" &
set "password history" to "1" in "password management" tab in
policy document.
3.User1 connect to domino server with original "111" and ensure
upload user1 id
into id vault sucessfully.
4.Then id vault admin tried to "reset password" via admin
client, input "111" as
the temporary password, but met error "you have used this
password before, please
choose a new one".
5.Tried reset password with other random one is ok.
6.Change the "password history" to "2", and ensure the vaule was
updated for
User2 via Policy Synopsis.
7.User2 change password to "222" offline, there should be two
password
"111"&"222" in id password history now, and then connect to
domino server,
ensure upload user2 id into id vault sucessfully.
8.Then idvault admin tried to "reset password" via admin client,
input "111" OR
"222"as the temporary password, but met error "you have used
this password
before, please choose a new one".
9.Disable "check passowrd" & set "password history" to "0" in
"password
management" tab in policy document, "load updall -R names.nsf"
to ensure vaule
was updated in policy.
10.Repeat step 4 and step 8, got the same result.
11.Register new user user3 and id of user3 will be uploaded into
id vault
automatically, you can change the policy back to enable "check
passowrd" & set
"password history" to "2".
12.Then id vault admin tried to "reset password" via admin
client,admin can
input any passowrd as temporary password.

To sum up, FOR EXISTING USER BEFOR ENABLE IDVAULT, the first
time Notes Id
uploaded into ID Vault, it will keep the "Password History"
which saved in this
notes id before(according to the security policy), and this will
IMPACT the
temporary vaule set via "RESET PASSWORD" of ID VAULT.  And this
behavior is
inconsistent with new register users.

Local fix

  • 



Problem summary


    

  • 



Problem conclusion


    

  • 



Temporary fix


    

  • 



Comments


    

  • This APAR is associated with SPR# JJDI9EJ9KJ.
The problem was caused by a user error or user misunderstanding.

    



APAR Information




    

  • APAR number
    LO78427
    • 

  • Reported component name
    DOMINO SERVER
    • 

  • Reported component ID
    5724E6200
    • 

  • Reported release
    852
    • 

  • Status
    CLOSED  USE
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2013-12-19
    • 

  • Closed date
    2017-06-01
    • 

  • Last modified date
    2017-06-01
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU055","label":"Cognitive Applications"},"Product":{"code":"SSKTMJ","label":"Lotus Domino"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"8.5.2","Edition":"","Line of Business":{"code":"","label":""}}]
              

                                                                    

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            01 June 2017
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback