Allowing or Forcing Password Reset for the Site

EFT Server provides the option to force password reset if the High Security module (HSM) is installed and activated. If enabled, users are forced to change their passwords on first use. You can enable the password reset page while disallowing general access to HTTP or HTTPS. When a new user logs in to EFT Server via the HTTP or HTTPS index page, EFT Server redirects the user to the reset page. After the user creates a new password, they are returned to the index page.

Password initial reset, expiration, and account management features only apply to GlobalSCAPE and ODBC authentication Sites. These options are not available if other authentication types (AD, LDAP) are used.

There is no way to ask FTP users to change their password prior to logging in. We must allow them to actually login (authenticate) but then prevent any further interaction with their session until they change their password.

Refer to Using the HSM with the Secure Ad Hoc Transfer Module if you are using a PCI DSS Site.

When a user logs in to the HTTPS index page and the Force reset check box is selected, the user is automatically redirected to the account-management page if:

The /manageaccount page is enabled and the user logs in with a temporary password.
The /manageaccount page and Redirect HTTP to HTTPS options are enabled, and the user logs in with a "temporary" password.
The user logs in with a temporary password to the FTP port or SFTP engine. (No commands are allowed other than exiting or changing the password until the password has been changed, and the user is prompted to change the password.)
An administrator logs in using a temporary password. A warning appears to prompt the administrator to supply a new password.

To configure the Site to enforce password reset

In the administration interface, connect to EFT Server and click the Server tab.
In the left pane, click the Site that you want to configure.
In the right pane, click the Security tab.
Select the Allow users to reset their passwords check box.
- If you want users to reset their password upon initial login, select the Force users to reset their passwords on initial login check box.
- If you want to expire user passwords, configure password expiration options.
Click Apply to save the changes on EFT Server. Users will be prompted to change their password when they log in to the Site.

This online help file is for EFT Server version 6.3.x. For other versions of EFT Server, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.)

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 20-Dec-11 at 15:59:57