|Applies To||Microsoft Active Directory as AxM DataStore|
RSA Access Manager 6.1 and 6.2
After a user's password is changed, the user is still able to use the old password for some time.
|Issue||Users are able to use old and new passwords after password change|
|Cause||This is a feature of Windows 2003 SP1 and later. It allows NTLM (and LDAP) binds against the old password for a configurable period of time (default 1 hour).|
|Resolution||This time is configurable with the following registry key: |
Click Start, click Run, type regedit, and then click OK.
Locate and then click the following registry subkey:
On the Edit menu, point to New, and then click DWORD Value.
Type OldPasswordAllowedPeriod as the name of the DWORD, and then press ENTER.
Right-click OldPasswordAllowedPeriod, and then click Modify.
In the Value data box, type the value in minutes that you want to use, and then click OK.
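The same change scripted in PowerShell, as an added example that is not part of the original article or of any RSA or Microsoft tooling. The function name `Set-OldPasswordAllowedPeriod` and the `-SubKeyPath` parameter are hypothetical; the subkey is not given on this page, so it is passed in as a placeholder to be taken from KB906305, and the 5-minute value in the usage comment is a constructed sample.

```powershell
# Added example: report and set OldPasswordAllowedPeriod (value in minutes).
# The registry subkey is NOT given on this page; supply the one from KB906305.
function Set-OldPasswordAllowedPeriod {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Placeholder: 'HKLM:\<subkey from KB906305>'
        [Parameter(Mandatory = $true)]
        [string]$SubKeyPath,

        # Period during which the old password is still accepted, in minutes
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 2147483647)]
        [int]$Minutes
    )

    $name           = 'OldPasswordAllowedPeriod'
    $defaultMinutes = 60   # default of 1 hour, per the Cause row of this article

    if (-not (Test-Path -LiteralPath $SubKeyPath)) {
        throw "Registry subkey not found: $SubKeyPath"
    }

    # Read the current value first so the change can be reviewed or rolled back
    $current = Get-ItemProperty -LiteralPath $SubKeyPath -Name $name -ErrorAction SilentlyContinue
    $before  = if ($null -eq $current) { $null } else { $current.$name }

    if ($PSCmdlet.ShouldProcess("$SubKeyPath\$name", "Set DWORD to $Minutes minute(s)")) {
        # -Force creates the DWORD if it is absent and overwrites it otherwise
        New-ItemProperty -LiteralPath $SubKeyPath -Name $name `
            -PropertyType DWord -Value $Minutes -Force | Out-Null
    }

    # Summary object: what was configured, what was in effect, what was requested
    [pscustomobject]@{
        SubKey           = $SubKeyPath
        PreviousValue    = $before
        EffectiveBefore  = if ($null -eq $before) { $defaultMinutes } else { $before }
        RequestedMinutes = $Minutes
    }
}

# Dry run (constructed sample value of 5 minutes); remove -WhatIf to apply:
# Set-OldPasswordAllowedPeriod -SubKeyPath 'HKLM:\<subkey from KB906305>' -Minutes 5 -WhatIf
```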
|Notes||See KB906305 for more information:|
|Legacy Article ID||a62203|