KfW and Expired Passwords

Wed Apr 26 21:49:48 EDT 2006

I'm confused about how KfW deals with expired passwords.

I'm not sure if what I'm seeing is the correct behavior or if I don't have 
things configured quite right, but there seems to be several issues.

1) The FIRST time I try to acquire credentials (after starting the Network 
Identity Manager) and the password has expired, I see a small bubble in 
the system tray that says the password has expired.  Ok... that's good, 
but there's also a good chance someone could miss that... especially with 
a cluttered desktop.  It would be nice if it said something right in the 
"New credentials" dialog where it's asking for your password.

2) In fact, ONE time it SEEMS like it did say something like "password has 
expired" in the "Credentials" area of the "New Credentials" dialog and you 
were supposed to click on "expired" (or some highlighted text).  But I 
can't seem to recreate this behavior. Now all I get is the one time system 
tray bubble.  Even the ONE time the "expired" link was displayed in the 
"Credentials" area of the "New Credentials" dialog, the only thing it did 
was take me to the "Kerberos 5 Ticket Options" dialog, which doesn't 
(appear) to have anything to do with changing the password.

3) After the FIRST time the system tray bubble said my password was 
expired any subsequent attempts to enter a password show no indication 
that there's a problem in the New Credentials dialog.  The dialog just 
sits there.   Clicking OK, doesn't do anything.

4) The system tray icon has changed to a yellow "!", but assuming the user 
even notices this, hovering the mouse over the icon doesn't give any 
indication there's a problem... it just says "NetIDMgr - Ready".

5) If I click on the system tray yellow "!" netidmgr icon, then it brings 
up the "Network Identity Manager".  In the lower-right status area there's 
a red circle with an "X" that says "Failed to Acquire Credentials", but no 
indication of WHY it failed to acquire the credentials... in other words... 
no indication that the password has expired.

6) The only way (it seems) to get any indication that the password has 
expired is to completely exit the Network Identity Manager (ie. right 
click on the sys tray icon and click "Exit"), then restart the Network 
Identity Manager and try to get new credentials again.... AND watch for 
the little system tray bubble.

7) Once a user finally discovers the problem is an expired password, then 
they need to realize they have to "Open NetIDMgr..." go to 
"Credential->Change password...".  It would be really helpful if the user 
were taken directly to the "Change Password" dialog as soon as it's 
discovered the password has expired.

Sooo...

Is there any way to get the "Password has expired" message to display 
somewhere more obvious and persistent then the one time system tray 
bubble?

Is there any way to get the "Password has expired" to display EVERY time 
an attempt to get new credentials is made with an expired password?

Is there any way to get the "Change Password" dialog to appear 
automatically if the password has expired?

Thanks.