search

LastSquirrelIT / MultiOneTimePassword-CredentialProvider

Aims to improve the overall security of the Windows logon process by adding 2FA Authentication. Uses multiOTP as authentication endpoint.
Apache License 2.0
94 stars 44 forks source link

Unable to change password for expired pwd #11

Open buenos97 opened 9 years ago

buenos97 commented 9 years ago

Hi,

When a user ID's password expires, Windows can prompt user to change password after s/he logs in. However, when mOTP-CP is enforced, it won't show you the dialog to change password but rather go back to initial login screen. Could you help advise how to fix it? Thank you!

Regards Jing

DominikPretzsch commented 9 years ago

Thank you for your report. We moved this provider to another backend, recently. I'll resolve this failure as soon as possible.

Could you install the debug version, replay this scenario and send me the log file under C:\ ? This would help to fix it faster. Please use a test account as the log may contain sensible information.

buenos97 commented 9 years ago

Hi Dominik,

Thank you for the quick response! I found that this issue only happened on 3.0 RC1, not 2.2.1.

Could you guide me on how to install the debug version? I will collect the the log files.

P.S. how to send the log file to you?

DominikPretzsch commented 9 years ago

No need anymore. I already found the root of the problem. :)

Fixing as soon as possible.

Best regards Dominik Pretzsch

2015-08-10 13:42 GMT+02:00 buenos97 notifications@github.com:

Hi Dominik,

Thank you for the quick response! I found that this issue only happened on 3.0 RC1, not 2.2.1.

Could you guide me on how to install the debug version? I will collect the the log files.

P.S. how to send the log file to you?

— Reply to this email directly or view it on GitHub https://github.com/LastSquirrelIT/MultiOneTimePassword-CredentialProvider/issues/11#issuecomment-129417263 .

Last Squirrel IT Dominik Pretzsch

Humboldtstr. 2 09130 Chemnitz, Germany

USt-IdNr.: DE290444313

Diese E-Mail enthaelt vertrauliche und/oder rechtlich geschuetzte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtuemlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser E-Mail ist nicht gestattet.

This email may contain confidential and/or privileged information. If you are not the intended recipient (or have received this email in error) please notify the sender immediately and destroy this email. Any unauthorized copying, disclosure or distribution of the material in this email is strictly forbidden.

wvrzel commented 8 years ago

Any news on this topic? We are thinking about advising this CP to our customers. But this bug and the fact, that the very first login after a reboot fails every single time, are crucial for us.

neb382 commented 7 years ago

Hi, does anyone still work on this project? I encounter the same bug, password change it not possible.

multiOTP commented 6 years ago

Hello,

Please note that we have enhanced this MultiOneTimePassword-CredentialProvider thanks to various contributors, including arcadejust, and it's now available in the multiOTP project (https://github.com/multiOTP/multiOTPCredentialProvider). We will do enhancements in this fork.

Regards,