The PWM v4.0 beta build has been posted at:

http://developer.novell.com/wiki/index.php/Special:Downloads/pwm/Development~~~Releases/pwm_b766...

v4.0 features:
- Completely overhauled look and feel, now based on CSS instead of HTML tables.
- Supports for browsers without cookies and/or javascript

Comments, suggestions and bug reports are encouraged!

PWM Developer Community:

http://developer.novell.com/wiki/index.php/Pwm

Great notes! Thanks for posting!

Here's some of the notes I've made for myself while installing PWM. It's
not perfect, but someone may find it useful.

Regards

Craig

Installing PWM Password Manager Servlet

1. Run mkdir /usr/java

2. Copy jdk-6u7-linux-i586.bin to /usr/java

3. Run ./jdk-6u7-linux-i586.bin

4. Run export JAVA_HOME=/usr/java/jdk1.6.0_07

5. Extract apache-tomcat-6.0.18.tar.gz to /usr

6. Run export CATALINA_HOME=/usr/apache-tomcat-6.0.18

7. NOTE: You should add the two export commands to the root
users .bashrc file

8. Run the following commands to configure Tomcat

a. cd $CATALINA_HOME/bin

b. tar xvfz jsvc.tar.gz

c. cd jsvc-src

David,

A couple thoughts:

Pre-populating with 'known' questions somewhat defeats the security of having "out of band" security questions/answers.

You might look at morphing the "Activation" functionality for forgotten passwords. It effectively does the same thing as the forgotten password servlet, except that its using ldap values instead of the stored responses.

Otherwise, there isn't a tool to mass-pre-populate pwm responses. The API is pulbic and it would not be complex to write, but does require java skills. That would be a good feature enhancement.

I beleive there is a cool solution on pre-populating the NMAS tools using a similar API and an IDM connector, however this wouldn't help PWM users much as PWM doesn't use the nmas stored responses, it only saves them when a user modifies their responses in PWM.

Hope this helps,

-jason

We are getting ready to convert our users over from Netware/eDirectory
for file/print to Windows/AD. We have IDM in place keeping user's
passwords and other identity data in sync however, the inevitable is
going to happen. People are going to lock themselves out of their
workstation because they will.

Our helpdesk is already going to be slammed with other issues and I'd
really like to stand up PWM as a place that we can direct our users to
who simply need a password reset.

Is there any way we can pre-load the users with "known" values so that
they can do some level of self service?

We are getting ready to convert our users over from Netware/eDirectory
for file/print to Windows/AD. We have IDM in place keeping user's
passwords and other identity data in sync however, the inevitable is
going to happen. People are going to lock themselves out of their
workstation because they will.

Our helpdesk is already going to be slammed with other issues and I'd
really like to stand up PWM as a place that we can direct our users to
who simply need a password reset.

Is there any way we can pre-load the users with "known" values so that
they can do some level of self service?

The timing is such that I don't have the luxury of getting users to go
to a site and fill in the answers on their own - so getting info from HR
that only the employee will know is my best shot and alleviating a
significant portion of the helpdesk calls that we're expecting.

Thanks in advance!
Dave

Here's some of the notes I've made for myself while installing PWM. It's
not perfect, but someone may find it useful.

Regards

Craig

Installing PWM Password Manager Servlet

1. Run mkdir /usr/java

2. Copy jdk-6u7-linux-i586.bin to /usr/java

3. Run ./jdk-6u7-linux-i586.bin

4. Run export JAVA_HOME=/usr/java/jdk1.6.0_07

5. Extract apache-tomcat-6.0.18.tar.gz to /usr

6. Run export CATALINA_HOME=/usr/apache-tomcat-6.0.18

7. NOTE: You should add the two export commands to the root
users .bashrc file

8. Run the following commands to configure Tomcat

a. cd $CATALINA_HOME/bin

b. tar xvfz jsvc.tar.gz

c. cd jsvc-src

d. autoconf

e. chmod +x configure

In the situation I discovered this afternoon the password policy required
unique passwords are required and a password history of 5 passwords were
enabled.

The environment was as follows:
1) SLES 10
2) Sun JDK 1.6 - downloaded from Sun's website and implemented on the server
3) Tomcat 5
4) PWM 1.3.0
5) passwordSetMethod=nmasChange

The bug occurs when trying to recover a password. All the user sees is a non
descriptive error page. In the tomcat output log you see a typical Java
exception, the interesting part being:

2008-09-03 14:47:54, WARN , pwm.Helper, {36} error setting random password
for user cn=testjp,ou=Users,o=PGP [LDAP: error code 53 - NDS error: bad
password (-222)] [10.2.234.19]
2008-09-03 14:47:54,233 [http-8080-Processor24] WARN
com.novell.password.pwm.Helper - {36} error setting random password for user
cn=testjp,ou=Users,o=PGP [LDAP: error code 53 - NDS error: bad password
(-222)] [10.2.234.19]

Hi Ben,

Thanks for getting back to me.

Generally we're just curious to know how other institutions have been
getting on with using it.

We looked at a few other apps (like the IDM User App) but, by the looks
of it, PWM seems to suit our needs best. Although the lack of support
for it is making a few people sweat!

I've spent the past week or so re-branding and reworking it a bit. Have
you had any problems while implementing / using it?

Cheers

Craig

From: pwm-general-bounces@forge.novell.com
[mailto:pwm-general-bounces@forge.novell.com] On Behalf Of Ben Walter
Sent: 01 September 2008 20:06
To: pwm-general@forge.novell.com
Subject: Re: [pwm-general] Anyone else using PWM in an
academicinstitution?

Craig,

Craig,

I believe there are 1 or 2 Tertiary institutions over here in li'l ol' NZ that use PWM...

Can I ask the reasoning behind your line manager's request?

Ben

From:
"Craig Russell" dmu.ac.uk>

To:
forge.novell.com>

Date:
9/2/2008 1:52 AM

Subject:
[pwm-general] Anyone else using PWM in an academic institution?

Hi,

I*m currently setting up PWM for use by both staff and students on and off campus.
My Line Manager has asked me to find out if any other academic institutions in the (United Kingdom or otherwise) are using PWM.
If you currently are, or are planning to, use PWM in your institution, could you drop me an email.

Cheers

Hi,

I'm currently setting up PWM for use by both staff and students on and
off campus.

My Line Manager has asked me to find out if any other academic
institutions in the (United Kingdom or otherwise) are using PWM.

If you currently are, or are planning to, use PWM in your institution,
could you drop me an email.

Cheers

Craig Russell

crussell@dmu.ac.uk

Hi,

 

I’m currently setting up PWM for use by both staff and
students on and off campus.

My Line Manager has asked me to find out if any other
academic institutions in the (United Kingdom or otherwise) are using PWM.

If you currently are, or are planning to, use PWM in your
institution, could you drop me an email.

 

With the latest stable release I've tested and discovered that if you do not
complete all the questions and answers properly in the setup of the
challenge/response, PWM either simply takes what you provide or produces an
unknown error.

Would it be possible for PWM to produce a specific error stating that the
questions and answers weren't completed properly and return back to the page
to allow the completion of the missing items?