User credential changes ignored if user logged in

Tri · Post by **Tri** » Fri Jun 10, 2005 2:01 pm

Client + Server 3.07.

1. User1 has logged in.

2. The Vault Admin changed the pwd of User1 (or switch authentication scheme Vault <-> Active Directory)

3. User1 is unaffected (can continue working with Vault Client).

4. If User1 disconnected and reconnects again, only at this time, the new credentials will be used.

I think this is inconsistent. When folder security is defined at the folder/file level, it is enforced immediately. Why should not that be the case for user credentials?

Can you offer the possibility of disconnecting the user connection whenever user credentials are changed?

Post by **jclausius** » Fri Jun 10, 2005 2:43 pm

Tri:

Password changes are not noticed until the next required presentation of those credentials. For Vault, this occurs at login.

As for currently logged in users, since they successfully presented credentials, and those credentials were valid at login. They are able to use the system until theu log out or their session has been terminated.

Tri · Post by **Tri** » Fri Jun 10, 2005 8:58 pm

OK. Is there anyway to terminate a specific user connection?

Reasons:
- I would like to enforce the pwd change to be effective immediately.

- An user might leave the Vault client logged in for weeks. The moment when the next log in will occur is unpredictable.

Post by **jclausius** » Sat Jun 11, 2005 8:25 am

With the architecture of IIS, this is not possible. About the only option would be to restart IIS. However, this would require EVERYONE to re-authenticate.

Tri · Post by **Tri** » Mon Jun 13, 2005 7:43 am

jclausius wrote:With the architecture of IIS, this is not possible. About the only option would be to restart IIS. However, this would require EVERYONE to re-authenticate.

In Admin tool, there is the "Logged In" status beside the name of the user. As there is a way to know if an user is logged in, can we do something on this partcular user?

In the event I restart IIS, what would happen to other users if they were in the middle of their activities? (add, check in, get latest, etc.) ?

Post by **jclausius** » Mon Jun 13, 2005 7:59 am

Tri wrote:In Admin tool, there is the "Logged In" status beside the name of the user. As there is a way to know if an user is logged in, can we do something on this partcular user?

I've logged this as a feature request.

Tri wrote:In the event I restart IIS, what would happen to other users if they were in the middle of their activities? (add, check in, get latest, etc.) ?

On a Get of a file, I don't think much would happen.

In the middle of an add/modify, probably not much except some abandoned files in the server's work directory. If there were any transactions, SQL Server should roll them back.

Tri · Post by **Tri** » Mon Jun 13, 2005 2:00 pm

Thank you for taking care of the feature request.

jclausius wrote:In the middle of an add/modify, probably not much except some abandoned files in the server's work directory. If there were any transactions, SQL Server should roll them back.

Does "abandoned file" mean a temporary file left over on the local hard disk of the server, and will stay there forever (clean up skipped because IIS was unexpectedly restarted)

Post by **jclausius** » Mon Jun 13, 2005 3:21 pm

Tri wrote:Does "abandoned file" mean a temporary file left over on the local hard disk of the server, and will stay there forever (clean up skipped because IIS was unexpectedly restarted)

My post was a bit ambiguous. If any files are in the working directory, the Vault server will clean things up on restart.