OS Auth (Windows domain): old password valid after password change (for a while)

Discussions about product bugs & problems!
Note: This is no replacement for the Official ETM Support!

EER
Posts: 17
Joined: Fri Jun 12, 2015 1:31 pm

OS Auth (Windows domain): old password valid after password change (for a while)

Post by EER »

I have a Windows domain which WinCCOA uses for user login. When a user changes their password, it is possible to log in with both the old and the new password. After a while (maybe 10 minutes?) this is fixed and only the new password works.

Is it considered normal or does it indicate some misconfiguration? I believe the changes should have an immediate effect.


The verifyOSUser function, part of the OaAuthMethodAD class, seems to be responsible for this. This is a "hidden" function that I cannot inspect.

hpuchegger
Posts: 86
Joined: Fri Oct 08, 2021 10:38 am

Re: OS Auth (Windows domain): old password valid after password change (for a while)

Post by hpuchegger »

Dear EER,

This is a behavior of Active Directory when NTLM/LDAP is used for authentication. You can use a registry key on the domain controller to set how long the old password is valid.

Have a look at those links:
https://www.ibm.com/support/pages/old-p ... -directory
https://learn.microsoft.com/en-US/troub ... entication

If possible, you no longer want to use NTLM, but rather Kerberos or LDAPs. So, depending on how the AD is set up, this can be normal behavior.

Best regards / Schoene Gruesse
Herbert Puchegger
===========================================
WinCC OA - Support
ETM professional control GmbH
DI FA HMI ISW ETM PS CC
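
An added example, not part of either post above and not ETM code: a PowerShell audit that reports the old-password window on every domain controller, since the registry setting mentioned in the reply is per DC. It assumes the RSAT ActiveDirectory module, PowerShell remoting to the DCs and administrative rights; the value name OldPasswordAllowedPeriod (REG_DWORD, minutes, 60 when absent) comes from Microsoft's documentation of this behavior and is not named in the thread, and the function name Get-OldPasswordWindow is hypothetical.

```powershell
# Added example: audit the NTLM old-password window on all domain controllers.
# Assumptions: RSAT ActiveDirectory module, WinRM remoting enabled on the DCs,
# caller has admin rights. Get-OldPasswordWindow is a hypothetical helper name.
Import-Module ActiveDirectory

$LsaKey         = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$ValueName      = 'OldPasswordAllowedPeriod'  # REG_DWORD, lifetime in minutes
$DefaultMinutes = 60                          # documented default when the value is not set

function Get-OldPasswordWindow {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    foreach ($dc in $ComputerName) {
        try {
            # Read the value remotely; returns $null when it is not configured.
            $raw = Invoke-Command -ComputerName $dc -ErrorAction Stop -ScriptBlock {
                param($Key, $Name)
                (Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue).$Name
            } -ArgumentList $LsaKey, $ValueName

            [pscustomobject]@{
                DomainController = $dc
                Configured       = $null -ne $raw
                EffectiveMinutes = if ($null -ne $raw) { [int]$raw } else { $DefaultMinutes }
                Error            = $null
            }
        }
        catch {
            # An unreachable DC is reported, not skipped: its window is unknown.
            [pscustomobject]@{
                DomainController = $dc
                Configured       = $null
                EffectiveMinutes = $null
                Error            = $_.Exception.Message
            }
        }
    }
}

# Any DC can answer an NTLM network logon, so inconsistent rows matter.
$dcs = (Get-ADDomainController -Filter *).HostName
Get-OldPasswordWindow -ComputerName $dcs |
    Sort-Object EffectiveMinutes -Descending |
    Format-Table -AutoSize
```

The largest EffectiveMinutes in the output is the domain's real exposure after a password change, because a client may be served by any of the listed controllers.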
