Novell GROUPWISE 7 - SECURITY ADMINISTRATION Manual page 5

users to select No Password Required with eDirectory (Windows client > Tools > Security >
Password).
NOTE: This option is not available in the Cross-Platform client or the WebAccess client.
As long as users who select this option are logged into eDirectory as part of their network login, they
are not prompted by GroupWise for a password when they access their GroupWise mailboxes. If
they are not logged in to eDirectory, they must provide their GroupWise passwords in order to
access their GroupWise mailboxes.
Using Novell SecureLogin to Handle GroupWise Passwords
If users have Novell SecureLogin installed on their workstations, you can select Enable Single Sign-
On (ConsoleOne > Tools > GroupWise Utilities > Client Options > Security > Password). This
allows GroupWise users to select Use Single Sign-On (Windows client > Tools > Security >
Password). Users need to provide their GroupWise mailbox password only once and thereafter
SecureLogin provides it for them as long as they are logged in to eDirectory.
NOTE: This option is not available in the Cross-Platform client or the WebAccess client.
Allowing Windows to Cache GroupWise Passwords
If you want to allow password information to be stored on Windows workstations, you can select
Allow Password Caching (ConsoleOne > Tools > GroupWise Utilities > Client Options > Security
> Password). This allows GroupWise users to select Remember My Password (Windows client >
Tools > Security > Password). Users need to provide their GroupWise mailbox passwords only once
and thereafter Windows provides them automatically.
NOTE: This option is not available in the Cross-Platform client or the WebAccess client.
Using Intruder Detection
Intruder detection identifies system break-in attempts in the form of repeated unsuccessful logins. If
someone cannot provide a valid username and password combination within a reasonable time, then
that person probably does not belong in your GroupWise system.
Intruder detection for the GroupWise Windows client and Cross-Platform client is performed by the
POA and is configurable. You can set the number of failed login attempts before lockout, the length
of the lockout, and so on. If a user is locked out, you can re-enable his or her account in ConsoleOne.
See Section 36.3.5, "Enabling Intruder Detection," on page 506.
Intruder detection for the GroupWise WebAccess client is built in and is not configurable. After five
failed login attempts, the user is locked out for 10 minutes. If a user is locked out, the user must wait
for the lockout period to end (unless you want to restart the WebAccess Agent).
Resetting GroupWise Passwords
In ConsoleOne, you can remove a user's password from his or her mailbox if the password has been
forgotten and needs to be reset (User object > Tools > GroupWise Utilities > Client Options >
Security > Password). If necessary, you can remove the passwords from all mailboxes in a post
office (Post Office object > Tools > Mailbox/Library Maintenance > Reset Client Options) This
resets all or users' client options settings, not just the passwords.
GroupWise Passwords 1113