Ryan, We have a 6 months password change policy for users with regular access and a 2 months password change policy for users with sensitive access.
So far, it has been a "nightmare" for Macs (10.5, 10.6,...) on our 802.1x network. EAP-TLS or change the mind of the security office have been the options that I have considered... Xpressconnect could help if users are willing to switch back to another SSID, and run Xpressconnect every time they change their password. Philippe Univ. of TN On Aug 4, 2011, at 5:01 PM, Holland, Ryan C. wrote: I have finally got my hands on MacOS 10.7 (lion) and have started running it through wireless tests. One item I find very worrisome is this: - Via WPA2-Enterprise (PEAP/MSCHAPv2), I connect to the SSID using username & password1; these credentials are then stored in the keychain - If I change my password to, say, "password2", then the next time I connect, the Mac fails authentication It seems that the Mac, if failing authentication, never prompts for the username & password to be reentered. Our university is soon to roll-out and enforce a 90-day password policy, and I am concerned that users will be unable to authenticate and forced to remove the password from their keychain. Have any of you run into this similar issue? If so, how do handle this behavior? (I don't recall it being this way in MacOS 10.6 or 10.5) ========== Ryan Holland Network Engineer, Wireless Office of the Chief Information Officer The Ohio State University 614-292-9906 holland....@osu.edu<mailto:holland....@osu.edu> Submit a Kudos to an OCIO employee!<http://www.surveygizmo.com/s/514095/giveociokudos> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.