We implemented this using a product called FastPass Password Manager http://www.fastpasscorp.com. Works great – your users will have to have an AD account to get it working. They can either sync the passwords from AD or let the user select a target to password reset – eg. SAP iSeries. Uses Challenge response and SMS pin for auth.

Anders

You are right the sentence should read as user profile gets disabled.

Iam second thoughts on implementing the same as i dont think our IT security would enable this function on our Production system.

Regards.
Johnson

If you’re interested, I have a reasonably functional solution for the problem you described. It’s not complete in that 1) I haven’t put in any help text and 2) the programs currently assume that the same display type (CCSID if you will) is used when setting a challenge answer and later providing the challenge answer (that is, don’t go outside of A-Z, 0-9, etc in the question answer if the user has international tendencies), but it works well enough for some testing.

The user can select a question, from twenty question choices, to answer; the answer is not stored anywhere in clear text form; and, when the profile is disabled from the signon panel, the user is presented with a panel asking if they want to reset their password. If yes and they successfully answer the posed question (two tries) then the password can be left as it was with the profile being re-enabled or a temporary password can be assigned (which they are required to then change upon successfully signing on to the system).

This approach assumes that the user is still on the signon panel when their profile becomes disabled — which may or may not be a reasonable assumption depending on your configuration.

If you would like to do some testing please let me know.

End vendor response.

Bruce Vining

So, either the word ‘disabled’ was used in place of ‘expired’ or ‘password’ was used in place of ‘profile’. Can you clarify the precise situation, please?

Tom