Announcement

Collapse
No announcement yet.

One-Way Trusts and user management.

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • One-Way Trusts and user management.

    Hello,

    I have a web application "A" on it's own domain "A.org" and the main coporate domain is "corp.org". The application needs it's own domain for process privileges and is vendor supported.

    Users in corp.org are added to A.org to allow them to use the application on the corp.org workstations. There is a one way trust set up to do this.

    Recently we implemented a policy that required users to change their passwords every 90 days. The users are prompted by this policy from corp.org in application "A", however, when they follow the steps, then click "OK" to complete their password change, application "A" responds "there is an internal error" and to see their administrator.

    At this point I should add, these users mostly consist of physicians and simply instructing them to change thier password in another manner would be a last resort solution. It is also very frustrating for them to follow a process then be denied. The vendor is not willing to suppress this message, stating it is hard coded in their applicaiton, nor do they have a solution to allow password changes in the corp.org domain from application "A".

    I am sure that at one time, application "A" (of which I am the manager) requested I change my password and it worked with my corp.org domain login. I distinctly recall logging off the application after resetting my password from it and logging of my workstation, then logging back in to both using my new password. I was new at the time and so tested the functionality to understand how it was configured for end users. (Or, I'm on crack)

    Both the vendor and the IT group are stating a two-way trust must be implemented, to allow corp.org users to be allowed to changed their password for their corp.org accounts from application "A". Unfortunately, application "A" has confidential information that a two-way trust would compromise, and this would create a security and policy nightmare. Plus it is not vendor supported and this particular vendor likes to point fingers, so I would like to avoid providing that type of opportunity to them.

    Now finally my question:

    Is it possible to have a one-way trust, as is currently set up, that will allow corp.org users to change their orp.org account password from A.org?

    Thank you in advance for your assistance.

  • #2
    Re: One-Way Trusts and user management.

    Hi,

    I am not sure how your application A works but you can do a simple test in a lab or using test accounts and find out if you can change password of user's on corp from while logging on to domain A.org.
    Thanks & Regards
    v-2nas

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect
    Blog: http://www.exchadtech.blogspot.com

    Show your appreciation for my help by giving reputation points

    Comment

    Working...
    X