Re: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets

2011-08-04 Thread Hanset, Philippe C
Ryan,

We have a 6-month password change policy for users with regular access
and a 2-month password change policy for users with sensitive access.

So far, it has been a "nightmare" for Macs (10.5, 10.6,...) on our 802.1x 
network.

EAP-TLS or changing the mind of the security office have been the options that I
have considered...

Xpressconnect could help if users are willing to switch back to another SSID, 
and run Xpressconnect every time they change their password.


Philippe
Univ. of TN


On Aug 4, 2011, at 5:01 PM, Holland, Ryan C. wrote:

I have finally got my hands on MacOS 10.7 (Lion) and have started running it
through wireless tests. One item I find very worrisome is this:
- Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & 
password1; these credentials are then stored in the keychain
- If I change my password to, say, "password2", then the next time I connect, 
the Mac fails authentication
It seems that the Mac, if failing authentication, never prompts for the 
username & password to be reentered.

Our university is soon to roll out and enforce a 90-day password policy, and I
am concerned that users will be unable to authenticate and forced to remove the 
password from their keychain.


Have any of you run into this similar issue? If so, how do you handle this
behavior? (I don't recall it being this way in MacOS 10.6 or 10.5)

==
Ryan Holland
Network Engineer, Wireless
Office of the Chief Information Officer
The Ohio State University
614-292-9906   holland@osu.edu

Submit a Kudos to an OCIO 
employee!

** Participation and subscription information for this EDUCAUSE 
Constituent Group discussion list can be found at 
http://www.educause.edu/groups/.






Re: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets

2011-08-04 Thread Brad Katz
We have had a similar issue with passwords not updating in the Keychain. We
found that in Keychain Access, under Preferences, under the First Aid tab, making
sure all the boxes are checked, including "Synchronize login keychain password
with account", helps.

Brad

Brad Katz | Information Technology Specialist
"Wired for Success"
 
Arlington Heights School District 25 
1200 South Dunton Ave. 
Arlington Heights, Illinois  60005 
p. 847.758.3016  
f. 847.758.3015 
e.  bk...@sd25.org
Aim. bradk...@mac.com 

"Putting the FUN in dysfunctional"



On Aug 4, 2011, at 4:01 PM, Holland, Ryan C. wrote:

> I have finally got my hands on MacOS 10.7 (Lion) and have started running it
> through wireless tests. One item I find very worrisome is this:
> - Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & 
> password1; these credentials are then stored in the keychain
> - If I change my password to, say, "password2", then the next time I connect, 
> the Mac fails authentication
> It seems that the Mac, if failing authentication, never prompts for the 
> username & password to be reentered.
> 
> Our university is soon to roll out and enforce a 90-day password policy, and
> I am concerned that users will be unable to authenticate and forced to remove 
> the password from their keychain.
> 
> 
> Have any of you run into this similar issue? If so, how do you handle this
> behavior? (I don't recall it being this way in MacOS 10.6 or 10.5)
> 
> ==
> Ryan Holland
> Network Engineer, Wireless
> Office of the Chief Information Officer
> The Ohio State University
> 614-292-9906   holland@osu.edu
> 
> Submit a Kudos to an OCIO employee!
> 
> 






RE: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets

2011-08-04 Thread Marcelo Lew
Hmm, that is worrisome.  We have the same setup, but with 10.6 users do get 
prompted to re-enter username/password when these have changed.
I'll check with our support group that is doing some tests with 10.7 to see if
they have seen the same.

Thanks for bringing this up.

Marcelo Lew
Wireless Enterprise Administrator
University Technology Services
University of Denver
Desk: (303) 871-6523
Cell: (303) 669-4217
Fax:  (303) 871-5900
Email: m...@du.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Holland, Ryan C.
Sent: Thursday, August 04, 2011 3:01 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] MacOS Lion & Wireless Password Resets

I have finally got my hands on MacOS 10.7 (Lion) and have started running it
through wireless tests. One item I find very worrisome is this:
- Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & 
password1; these credentials are then stored in the keychain
- If I change my password to, say, "password2", then the next time I connect, 
the Mac fails authentication
It seems that the Mac, if failing authentication, never prompts for the 
username & password to be reentered.

Our university is soon to roll out and enforce a 90-day password policy, and I
am concerned that users will be unable to authenticate and forced to remove the 
password from their keychain.


Have any of you run into this similar issue? If so, how do you handle this
behavior? (I don't recall it being this way in MacOS 10.6 or 10.5)

==
Ryan Holland
Network Engineer, Wireless
Office of the Chief Information Officer
The Ohio State University
614-292-9906   holland@osu.edu

Submit a Kudos to an OCIO 
employee!




MacOS Lion & Wireless Password Resets

2011-08-04 Thread Holland, Ryan C.
I have finally got my hands on MacOS 10.7 (Lion) and have started running it
through wireless tests. One item I find very worrisome is this:
- Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & 
password1; these credentials are then stored in the keychain
- If I change my password to, say, "password2", then the next time I connect, 
the Mac fails authentication
It seems that the Mac, if failing authentication, never prompts for the 
username & password to be reentered.

Our university is soon to roll out and enforce a 90-day password policy, and I
am concerned that users will be unable to authenticate and forced to remove the 
password from their keychain.


Have any of you run into this similar issue? If so, how do you handle this
behavior? (I don't recall it being this way in MacOS 10.6 or 10.5)

==
Ryan Holland
Network Engineer, Wireless
Office of the Chief Information Officer
The Ohio State University
614-292-9906   holland@osu.edu

Submit a Kudos to an OCIO employee!

