Problem (Abstract)
Users running with Global Security enabled and authenticating
to an Active Directory LDAP may notice that, after a user's LDAP
password is changed, the user is still able to log in with the OLD password.

Cause
The problem is caused by a change in the NTLM network
authentication behavior on Windows®. See the following link for details:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;906305

Resolving the problem
To resolve this problem, follow the steps in the above
article. If the above does not work or does not apply to your environment,
try disabling the AuthCache to be sure that authentication goes to the
back-end registry each time. This can be achieved by setting the following JVM
(Java™ Virtual Machine) custom property:
Application servers > server1 > Process Definition > Java Virtual
Machine > Custom Properties. Click New.
Name: com.ibm.websphere.security.util.authCacheEnabled
Value: BasicAuthDisabled
For questions about this, please see this
Information Center article.
After setting this property and restarting the server, if the problem
still occurs, then the back-end registry itself is still
authenticating the old password. To resolve that, you would need to check
with the back-end registry provider.
Note: It is not recommended to disable the AuthCache permanently. This is
only suggested for testing purposes.
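
Because the property above is meant only for testing, it is worth checking afterwards that it has not been left in place. The following is an added example, not IBM code: it scans a server.xml for the property, assuming JVM custom properties are stored as systemProperties elements under jvmEntries. The sample XML, its namespace URI and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

PROP = "com.ibm.websphere.security.util.authCacheEnabled"

# Constructed sample, trimmed to the elements the check reads.
# The "process" namespace URI is a placeholder, not the product's real one.
SAMPLE_SERVER_XML = """\
<process:Server xmlns:xmi="http://www.omg.org/XMI"
    xmlns:process="urn:example:process" name="server1">
  <processDefinitions xmi:id="JavaProcessDef_1">
    <jvmEntries xmi:id="JavaVirtualMachine_1" initialHeapSize="256">
      <systemProperties xmi:id="Property_1" name="user.timezone" value="UTC"/>
      <systemProperties xmi:id="Property_2"
          name="com.ibm.websphere.security.util.authCacheEnabled"
          value="BasicAuthDisabled"/>
    </jvmEntries>
  </processDefinitions>
</process:Server>
"""


def local_name(tag):
    """Strip any '{namespace}' prefix that ElementTree puts on a tag."""
    return tag.rsplit("}", 1)[-1]


def find_authcache_overrides(server_xml_text):
    """Return [(server_name, value)] for each JVM custom property named PROP."""
    root = ET.fromstring(server_xml_text)
    server = root.get("name", "?")
    hits = []
    for elem in root.iter():
        if local_name(elem.tag) != "jvmEntries":
            continue
        for prop in elem:
            if local_name(prop.tag) == "systemProperties" and prop.get("name") == PROP:
                hits.append((server, prop.get("value", "")))
    return hits


def cache_disabled(server_xml_text):
    """True if any override carries the BasicAuthDisabled value from the technote."""
    return any(v == "BasicAuthDisabled" for _, v in find_authcache_overrides(server_xml_text))


if __name__ == "__main__":
    for server, value in find_authcache_overrides(SAMPLE_SERVER_XML):
        print(f"{server}: {PROP}={value} (test-only setting still present)")
```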

Cross Reference information
Segment | Product | Component | Platform | Version | Edition
Application Servers | Runtimes for Java Technology | Java SDK | | |