Hi all,

I'm looking at a way to detect a password reset (not a password set)
using the Challenge/Response NMAS method.
As far As I can see, only the password of the user is changed when a
user does a password reset. This is equal to a normal password set so
not useable.
I looked in the SNMP traps, but I can only see a normal passwordChange
trap, nothing special for reset.
I do not see any option to extend the NMAS module.
I do not see any option to extend eg the UserApp portlet that is used
in the frontend.
My last fallback would be the logfiles of the userapp... but writing a
business logic based on a log file does not seem best practice...
SSPR (Self Service Password Reset) that comes with IDM 4 has a plugable
architecture, so this might be a workaround, but this is not integrated
in the UserApp...

Anyone who can think of another method of detecting a password reset
(compared to a password set).

FYI: reason I need this: we are in a company with a charge back model.
Whenever someone in the company makes use of the service 'reset
password', some department will/must be billed for this...



scauwe's Profile: http://forums.novell.com/member.php?userid=5150
View this thread: http://forums.novell.com/showthread.php?t=450922