AnsweredAssumed Answered

No Prompt for Password Reset with User Connections

Question asked by bigtom on Jun 9, 2017
Latest reply on Jun 15, 2017 by TSGal

Product and version (FileMaker Pro 16.0.1)

OS and version OS X 10.11.6

Hardware iMac

Description

 

When accounts are set to require password reset on next sign-in and FMP for user connection client connects to server but does not sign-in to a file there is never a prompt to reset password. Technically not a sign-in, but having a temporary password remaining unchanged is not so safe. Temporary account names and passwords may have been emailed or possibly printed in some companies. I understand this is a case that is not likely to happen in many instances, but it is a security issue to some extent.Password remains as expired and checkbox set for required reset until user logs into a file on that server.

 

As a possible real world example, a new FMP user may be provided with a less than secure temporary password for a user connection account on FMS16 on an office LAN to maintain FMP required connection without opening a file. That user then connects to a file on a FMS14 cloud server and works as usual. If the credentials are saved to keychain in the server connection dialog the user will likely never be prompted to reset the password ever with this work flow.

 

How to replicate

 

Add a new user and set password to require reset next sign-in.

 

Start FM Pro for user connections and wait or do work on local file until the connection dialog box is presented. Enter the credentials as assigned when user was created.

or

Select server in launch center and sign-in with credentials as assigned when user was created to view files but not sign-into a file.

 

Workaround (if any)

Do not use FileMaker native user authentication. Use external authentication (AD, OD, OAuth).

Outcomes