How to force password change?
Moderator: SourceGear
You have told me you have filed a feature request for Vault password expiry. Thanks, I hope we'll have this feature soon.
In the meantime, we would like to force all Vault users to change the pwd; each user has a different pwd. Is there any way to automate the process?
- Write a SQL script?
- Write a .NET program using Vault API?
- Calling CLC?
If it is possible, please help us with some leads on how to implement. Thanks.
We don't have a timeframe set for including password expiration, but it will most likely not be soon. For users who want full featured control over password expiration and complexity, I would recommend using Active Directory authentication, which uses Active Directory to validate the password typed into the Vault login dialog. You can set AD to expire passwords and enforce password complexity.
There's no way to force a user to change his password the next time that he logs on to Vault. The admin user could reset their passwords at once, but that might not be what you want.
Half of our staff work off site and cannot always VPN in.
jeremy_sg wrote: The admin user could reset their passwords at once, but that might not be what you want.
Do you mean using the Admin tool, Edit user properties and changing the pwd manually? If I want a different pwd for each user, then I guess I should repeat the same process for each user. Correct?
You do not need to be logged in to the AD domain when using AD authentication. The user can put his domain username and password into the login dialog, and the client encrypts it and sends it to the server. The server (which is on the domain) then authenticates that username and password against AD. It was specifically coded this way to allow clients that are not on the domain to use AD passwords.
The method for setting up AD auth for a user is this:
1. Make sure that you have the domain specified for the server computer (in the Vault Admin tool, under server options), and that you are impersonating a domain user (You can use IdentitySwitcher to change the impersonation. See http://support.sourcegear.com/viewtopic ... tyswitcher)
2. The Vault username must match the Windows domain user name, so if your domain user name is DOMAIN\HisUserName, then the Vault user name should be HisUserName, and the DOMAIN should be specified in the admin tool.
3. In the Vault client login screen, the username will just be HisUserName, and the password will be the domain password.
Two things you should know after you get this set up.
1. Vault can't warn a user when their AD password is about to expire.
2. Vault can't change a user's AD password.