SharePoint remembering changed password

Question

Hey all,

I'm witnessing some strange behavior with SharePoint when changing user's Active Directory passwords.

I created a custom Application Page to change a user's password in Active Directory. The code seems to be working great as I can verify within Windows that the password was changed.

However, the strange thing is that after the password change, SharePoint will allow the user to log in with both their newly changed password and their old password. Essentially allowing them to log in with two different passwords.

I verified that this is something within SharePoint as I can only log into Windows with the newly updated password.

Does anybody know why this would happen? I can't seem to find any info on the web regarding SharePoint caching credentials or anything. Any thoughts would be greatly appreciated.

Thanks in advance.

Answer 1

Are you getting the Authentication Popup in the Browser ? or is it configured to login with the current logon user name ? If it is configured to use current logon user name it wont matter if you changed the Password. did you tried other Browser's other than IE ?

Answer 2

This is expected behaviour: http://support.microsoft.com/kb/906305

Microsoft Windows Server 2003 Service Pack 1 (SP1) modifies NTLM network authentication behavior. After you install Windows Server 2003 SP1, domain users can use their old password to access the network for one hour after the password is changed. Existing components that are designed to use Kerberos for authentication are not affected by this change.