Forum Discussion
Stefan_Klotz
Jul 01, 2011
During further investigation, including several F5 documents, I could find the following:
Active Directory password management
Access Policy Manager supports password management for Active Directory authentication. This works in the following order:
- Access Policy Manager uses the client's user name and password to authenticate against the Active Directory server on behalf of the client.
- If the client's user password on the Active Directory server has expired, Access Policy Manager returns a new logon page back to the client, requesting that the client change its password.
- After the client submits the new password, Access Policy Manager attempts to change the password on the Active Directory server.
If this is successful, the client's authentication is validated.
If the password change fails, it is likely that the Active Directory server rejected it because the password did not meet the minimum requirements such as password length.
Note: By default, users are given only one attempt to reset their password. However, an administrator can configure the max logon attempt allowed of the authentication agent to a value larger than 1, which gives users multiple opportunities to reset their passwords.
I'll play with this a little bit in the next days (as our APM license is not yet available) and let you know the results.
Ciao Stefan :)
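As an added example (not Stefan's post or F5's code), a small Python simulation of the logon flow quoted above against a mock directory: the MockActiveDirectory class with its expired and min_length fields is an assumption standing in for the real AD server, and the max_logon_attempts parameter mirrors the documentation's "max logon attempt allowed" setting, so the default of 1 and a larger value can be compared.

```python
"""Constructed simulation of the APM Active Directory password-management
flow. MockActiveDirectory is an assumed stand-in for the AD server, not an
F5 or Microsoft API."""
from dataclasses import dataclass


@dataclass
class MockActiveDirectory:
    """Constructed directory: users, an expiry flag and a length policy."""
    users: dict            # username -> {"password": str, "expired": bool}
    min_length: int = 8    # the "minimum requirements" the text mentions

    def bind(self, user, password):
        rec = self.users.get(user)
        return rec is not None and rec["password"] == password

    def password_expired(self, user):
        return self.users[user]["expired"]

    def change_password(self, user, new_password):
        # AD rejects a change that does not meet policy (here: length only)
        if len(new_password) < self.min_length:
            return False
        self.users[user] = {"password": new_password, "expired": False}
        return True


def apm_logon(ad, user, password, new_passwords=(), max_logon_attempts=1):
    """Walk a client through the flow. new_passwords is the sequence the
    client would submit on successive change-password pages. Returns
    'authenticated', 'bad_credentials' or 'change_failed'."""
    # Step 1: APM authenticates against AD on behalf of the client
    if not ad.bind(user, password):
        return "bad_credentials"
    # Step 2: no expiry means the logon is validated right away
    if not ad.password_expired(user):
        return "authenticated"
    # Step 3: the change-password page is shown; by default only one
    # attempt is allowed, so later candidates are never tried
    for candidate in list(new_passwords)[:max_logon_attempts]:
        if ad.change_password(user, candidate):
            return "authenticated"      # change accepted, logon validated
    return "change_failed"              # every attempt rejected by policy
```

With the default of one attempt a single rejected password ends the logon, which is the behaviour the note in the quoted documentation warns about.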