Expiring Passwords for the User

The HSM provides a method for resetting the password via FTP and SFTP. If you do not activate the HSM, this feature is disabled after the 30-day trial period expires.

On Sites defined using the "strict security settings", passwords are set by default to expire in 90 days.

EFT Server executes cleanup procedures every day at 00:00:00 UTC and at Server Startup. This daily server cleanup removes/disables inactive administrators and user accounts and sends password reset and expiration notifications for every Site. All reminder e-mail messages are sent immediately after flagging the accounts to be reminded.

If a user with an expired password logs in over FTP, the user is prompted that the password is expired and must be reset. Until the password is successfully changed, EFT Server will not process any commands other than changing the password or exiting. If a user with an expired password logs in over SFTP, the user is forced to reset the password before continuing with the login process.

Password initial reset, expiration, and account management features only apply to GlobalSCAPE and ODBC authentication sites. These options are not available if other authentication types (AD, LDAP, etc.) are used. Password security features all apply to EFT Server, not to individual accounts.

There is no way to ask FTP users to change their password before they log in. EFT Server must allow them to log in (authenticate), but then prevents any further interaction with their session until they change their password.

To expire a password after <n> days

  1. In the administration interface, connect to EFT Server and click the Server tab.

  2. In the left pane, click the user or Settings Template you want to configure, then click the Security tab.

  3. If Password expiration options is not available, select the Allow users to reset their passwords check box.

  4. Next to Password expiration options, click Configure.

  5. To expire the password after a certain number of days, select the Expire passwords in check box, then specify the number of days.

  6. Click Apply to save the changes on EFT Server.

If reminders are enabled in the administration interface, users are prompted when their account passwords are about to expire and after the account is expired.

The text of the password expired message, below, is stored by default in C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server Enterprise\PasswordResetMsg.html.

%full_name%,

The password for account: %username% has expired. Please change your password at your earliest convenience. Instructions for changing your password via FTP, SFTP, and HTTP/S are provided below for your convenience:

  1. Please enter the following URL into your browser: %reset_page%

  2. Supply your current password when prompted

  3. Enter your new password and confirm

  4. If approved, exit the browser and login as normal.

The text of the password expiration reminder message, below, is stored by default in C:\Documents and Settings\All Users\Application Data\GlobalSCAPE\EFT Server Enterprise\PasswordResetReminderMsg.html.

%full_name%,

The password for account: %username% will expire in %days_left% days. Please change your password at your earliest convenience. Instructions for changing your password via FTP, SFTP, and HTTP/S are provided below for your convenience:

  1. Please enter the following URL into your browser: %reset_page%

  2. Supply your current password when prompted

  3. Enter your new password and confirm

  4. If approved, exit the browser and login as normal.

Note: On Windows 2008, Application Data files for all users are in a hidden folder named %systemroot%\ProgramData instead of under Documents and Settings\All Users\Application Data.

You can edit the HTML file for the password messages; however, be sure not to change the variables, which are enclosed in percent signs (%text%).
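
One way to check an edited message file before copying it back to the server, as an added example that is not GlobalSCAPE's code. It assumes each file must keep exactly the variables that appear in its default text above; the function names and the sample HTML are constructed for illustration.

```python
import re

# Variables each message file uses in the default text shown on this page.
REQUIRED = {
    "PasswordResetMsg.html": {"full_name", "username", "reset_page"},
    "PasswordResetReminderMsg.html":
        {"full_name", "username", "days_left", "reset_page"},
}
TOKEN = re.compile(r"%([A-Za-z_]+)%")        # intact variable, e.g. %username%
DAMAGED = re.compile(r"%\s*[A-Za-z_]+\s*%")  # applied only after intact ones are blanked


def check_template(file_name, html):
    """Compare an edited template's variables with the default set for that file."""
    required = REQUIRED[file_name]
    found = set(TOKEN.findall(html))
    # Blank out intact tokens first so the closing % of one variable and the
    # opening % of the next are not mistaken for a damaged token.
    remainder = TOKEN.sub(" ", html)
    return {
        "missing": sorted(required - found),      # dropped or renamed variables
        "unknown": sorted(found - required),      # names not in the default text
        "malformed": [m.group(0) for m in DAMAGED.finditer(remainder)],
    }


def is_safe_to_deploy(report):
    """True only when no category in the report lists a problem."""
    return not any(report.values())


# Constructed sample edits (not taken from a real server).
GOOD_REMINDER = (
    "<p>Dear %full_name%,</p>"
    "<p>The password for %username% expires in %days_left% days.</p>"
    '<p><a href="%reset_page%">Change it now</a></p>'
)
BAD_REMINDER = (
    "<p>Dear % full_name%,</p>"                          # space inside the variable
    "<p>The password for %user_name% expires soon.</p>"  # renamed; days_left dropped
    '<p><a href="%reset_page%">Change it now</a></p>'
)

if __name__ == "__main__":
    for label, body in (("good", GOOD_REMINDER), ("bad", BAD_REMINDER)):
        print(label, check_template("PasswordResetReminderMsg.html", body))
```

A missing %reset_page% is the case to watch most closely, since the message would then no longer give users the link they need to change the password.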

The account is not disabled; users with expired passwords may log in if they provide their existing password and then the new password. Users are not allowed to proceed with their session until a password is created and accepted by the system.

If Expire password in N days is enabled, /manageaccount and the reset page are enabled, and a user logs in with an expired password, EFT Server automatically redirects the authenticated user to the reset page. (In HTTPS, the user is redirected to the reset page on the HTTPS port.)

When resetting passwords, all password complexity requirements, reuse history, and cyclical password-use checks apply, if those settings are enabled in the administration interface.

On a Site created using the "strict security settings" option, a warning message appears in the following situations:
