Jim Garrison
We use a SonicWall VPN appliance that can do LDAP to Active Directory.
For security reasons, I don't want to use the domain userID/password
to authenticate to the VPN. I want each user to have a separate
login and password just for the VPN connection. That part's easy.
For example, if the user's domain userID is, say, jsmith, I
set up a second user, jsmith-vpn, and make them a member of a
group that the SonicWall recognizes as granting VPN access ONLY.
So far, all this works.
What I can't figure out how to do is give each individual user
password management capability over their VPN userID. Each user
should have the ability to change the password for their own
alternate user ID.
The only way I can see to do this is to have them actually log in
as the VPN user on their laptop/workstation and use the standard
Windows password-change mechanism.
What I'd prefer is a simple command-line or GUI capability that
a user could access while logged in as their normal domain userID.
In other words, a program that has the following 'interface':
user: logged in as jsmith
user: change password for userID jsmith-vpn
system: enter current password for jsmith-vpn
user: [enters current password]
system: enter new password for jsmith-vpn
user: [enters new password]
system: re-enter new password
user: [re-enters new password]
system: password updated
Does something like this exist?
Anyone have any suggestions on where to look?
Is this something that could be easily and securely accomplished
with Windows Scripting? I'm an experienced Linux/Java developer, but
don't have much of a background in Windows scripting, so some pointers
on where to look for information would be appreciated.
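
The dialogue sketched in the post above, as an added PowerShell example that is not part of the original post. It assumes the "<userID>-vpn" naming convention from the post, a domain-joined workstation, and the .NET System.DirectoryServices.AccountManagement assembly; the function name ConvertTo-PlainText is hypothetical.

```powershell
# Added example (not from the original post): a user logged in as jsmith
# changes the password of jsmith-vpn without logging in as that account.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

# Hypothetical helper: ChangePassword() takes plain strings, so unwrap the
# SecureString only at the point of use.
function ConvertTo-PlainText([System.Security.SecureString]$Secure) {
    (New-Object System.Net.NetworkCredential('', $Secure)).Password
}

# Assumed convention from the post: the alternate account is "<userID>-vpn".
# The name is derived, not typed, so the tool only addresses the caller's own
# alternate account. Knowing the current password is what authorizes the change.
$vpnUser = "$([Environment]::UserName)-vpn"

$current = Read-Host "Enter current password for $vpnUser" -AsSecureString
$new1    = Read-Host "Enter new password for $vpnUser" -AsSecureString
$new2    = Read-Host "Re-enter new password for $vpnUser" -AsSecureString

# Case-sensitive comparison of the two entries before touching the directory.
if ((ConvertTo-PlainText $new1) -cne (ConvertTo-PlainText $new2)) {
    Write-Error "New passwords do not match."
    exit 1
}

$ns  = 'System.DirectoryServices.AccountManagement'
$ctx = New-Object "$ns.PrincipalContext" ([System.DirectoryServices.AccountManagement.ContextType]::Domain)
try {
    $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
        $ctx,
        [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName,
        $vpnUser)
    if ($null -eq $user) { throw "Account $vpnUser not found." }

    # ChangePassword (old, new) is the user-level operation: it fails if the
    # current password is wrong and is subject to the domain password policy.
    # SetPassword would be an administrative reset and is deliberately not used.
    $user.ChangePassword((ConvertTo-PlainText $current), (ConvertTo-PlainText $new1))
    Write-Host "Password updated."
}
catch {
    Write-Error "Password change failed: $($_.Exception.Message)"
    exit 1
}
finally {
    $ctx.Dispose()
}
```

Because the script uses the change operation rather than a reset, it needs no delegated rights over the VPN accounts and gives the caller nothing they could not do by logging in as the VPN user.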