Information Technology at JPL

Directory and Authentication Service

JPL IT - Directory and Authentication Service

Frequently Asked Questions
Directory and Authentication Service

  1. What is the Self-Service Password Reset?

    The Self-Service Password Reset is an option for quickly and securely resetting a forgotten password by authenticating via answers you provide to pre-set Challenge and Responses.

  2. How do I reset a forgotten password?

    You must prepare in advance for an alternate means of authentication: Log into the Change JPL Password and Directory Listing page, and enter Challenge and Responses (a self-chosen question/answer and answers to five institutionally fixed questions). Once you have entered this information, you can go to the web page above, enter your Username in the "Forgot your password?" box, identify yourself by responding to the Challenges, and proceed to set a new password.

  3. What Challenge questions will pop up when I select "Forgot your password?"

    The system has been set to always ask your "User-set Challenge Question" along with two randomly selected "Institutionally Fixed Challenges."

  4. What constitutes a correct answer?

    Your Challenge Responses will be accepted if they are typed in exactly as they were originally set, with the following exceptions:

    • Case is ignored
    • Extra spaces are collapsed to one
    • Special characters ' " : ; . , ! _ are ignored.

  5. What if I forget my responses?

    Call 4-HELP for assistance.

  6. Who sees this information?

    This information is visible to you when logged into the Change JPL Password and Directory Listing page and to the Help Desk personnel who assist you with resetting your password.

  1. What passwords are expiring and why?

    The JPL Password, JPL Domain/Windows/Active Directory Password and the EBIS Password expire every 90 days, based on IT Security requirements in JPL Rules D-36852.

  2. What are my JPL Password and my JPL Domain password used for?

    Please see Passwords at JPL.

  3. How do I synchronize my passwords?

    Passwords are automatically synchronized via the Change JPL Password and Directory Listing page.

  4. How will I be notified that a password is expiring?

    An email will be sent alerting you that your password(s) are expiring and you need to reset them. You will continue to receive messages on the following schedule until you change your password(s).

    14 days before to expiration

    9 days before to expiration

    5 days before to expiration

    3 days before to expiration

    1 day before to expiration (Final Notice)

    On Windows systems authenticating to the JPL Domain, you will receive the standard Windows warning 5 days from expiration alerting you to change your password via the pop up (ctrl alt del function).

  5. If I change my JPL Domain Password via the Windows pop up, are my passwords synchronized? 

    No, you must use the Change JPL Password and Directory Listing page to synchronize your passwords.

  6. If I change my EBIS Password via the EBIS page, are my passwords synchronized?

    Yes, if you use the Synchronize Your Passwords link. Using the alternate link, Change Your EBIS Password, will break any previously established synchronization.

  7. What happens if I do not change my JPL Password prior to expiration?
    You cannot login with an expired password. Please call 4-HELP for assistance.
  8. How are Sponsored External Users notified that they have expiring passwords?

    If a sponsored external user has a valid email address in the JPL Directory, she/he will be notified via email as noted above.

    If an external user's password expires, she/he will need to call 4-HELP (818.354.4357).

  9. How do I change my JPL Domain password if I am a Mac user?
  10. What are the strength requirements of my password?

    Passwords must meet the strength requirements listed at the IT Security web site. You cannot reuse one of your last 24 passwords or any password used in the last 6 months.

  11. What do I do if I use a Srvtab/keytab?

    Srvtab/keytab files are not automatically updated when you change your password. Therefore you must update them to match when you change your password.

  12. What password do I use on my JPL Windows laptop that has not connected to the JPL Network since I changed my password?

    Use your previous password. Windows stores an encrypted version of your password on each system you use. Until that system is connected to the JPL Network (either directly or via VPN), your password change isn't recognized. You must continue to enter the last password used on the system until you reconnect to the network. You cannot change the locally stored copy of the JPL Domain Password unless your system is connected to the JPL Network.

  13. If I use remote access can I use my changed password?

    Yes, however you may have to Lock/Unlock your system or logoff and re-login depending on your operating system.

  14. Why does Windows tell me to Lock/Unlock after I change my password?

    Microsoft Windows keeps a copy of the last, verified JPL Domain password so you can authenticate when your system is not on the network. As a result, there may be times when your JPL Domain password will not match that stored password. Simply Lock/Unlock your system.

  1. How do I use my group list for email?
    Once you have set up a group to be used as a Mailing List, you are immediately able to email the group via [groupname] Thus, if you want to email the group 'demogroup', the email address will be The same rule applies when emailing a derived group with extensions of .us, .jpl or .usjpl. If you want to email only JPL employees within this group, the email address would be:
  2. How quickly do the updates of groups and email lists become effective?
    It depends on whether the group is a User Maintained Group or an Organizational Group:

    • User Maintained Groups:

      • Groups and email lists are updated immediately after updates are submitted through the Directory Groups Interface.
    • Organizational Groups (groups maintained by the JPL Directory):

      • Personnel information is updated every hour in the JPL Directory.
      • Group membership is updated nightly.
      • Email lists are updated at the same time as group membership.
  3. How do I find an Organizational Group?
    All Organizational Groups use the format To see a list of all Organizational Groups:
    • On the main page, click Search for existing group(s)
    • In the pop-up dialogue box type in and click Look Up!
    • In the lower portion of the box, all of the Organizational Groups will be listed. You may click into the individual groups to view the group details.
  4. Can I add or remove someone from an Organizational Group?
    No. Organizational Groups are institutionally maintained dynamically by the JPL Directory.
  5. What are private groups and why are they used?
    If you create a group as private, no one but the administrator will be able to see the the member list. It is recommended that most groups be made public. However, there are certain groups whose memberships need to be private, such as groups related to the Source Evaluation Board (SEB).
  6. I've just created a group and added some members, but when I logged into DocuShare, that interface said I'm the only member of the group.
    Until the other members of your group log into DocuShare since the group was created, your group will not show them as members. As each one logs in, their names will thereafter be listed as group members.
  7. What are derived groups, and why would I want them?
    Derived groups are automatically generated groups that consist of certain members of any group you create. There are three of them:
    • All members of your group who are JPL employees
    • All members who are U.S. persons
    • All members who are both JPL employees and U.S. persons
    See Derived Groups for a complete definition.

    For the most part, these groups are used to comply to ITAR regulations, since enabling "Create Derived Groups" when you create a group automatically creates and, from then on, maintains these groups.
  8. I've deleted a mailing list in the Directory Groups Interface, but the JPL Directory says the group still exists. Why is that?
    Groups are used for several applications other than mailing lists. You may, therefore, delete a mailing list while maintaining the group for other purposes. If you would like to delete the group entirely, see Delete a Group in the How to Use Interface pages.
  9. I've deleted a group in the JPL Directory interface, but I still see it in DocuShare. How do I get rid of it there?
    If you are a DocuShare librarian with Administrator privileges, do the following:
    1. Go to your project library
    2. Login, then click Accounts
    3. Click List All Registered Groups
    4. Find your group, then click the name
    5. From the pulldown menu, select Delete
    If you do not have Administrator privileges, ask your DocuShare librarian to delete the group in DocuShare.
  10. I've deleted a group in the JPL Directory interface that I want to recreate with the same name. However, the JPL Directory says the group still exists.
    You must delete the group in DocuShare before you can recreate it in JPL Directory Groups Interface (to do this, you must be a DocuShare librarian with administrator privileges):
    1. Go to your project library
    2. Login, then click Accounts
    3. Click List All Registered Groups
    4. Find your group, then click the name
    5. From the pulldown menu, select Delete
    Now you can return to the JPL Directory Groups interface and create the same group name again.
  11. I made a change using the interface, but it is not showing up in my browser. Why?
    Your browser may not be refreshing the page properly. Click your browser's Refresh button while holding down the Shift key to force a reload.

    If that does not work for Netscape 4 users, go to Edit -> Preferences..., select Advanced -> Cache from the left panel, then click Clear Memory Cache and Clear Disk Cache. Click the Refresh button to reload the page.
  12. How can I review a list archive?
    Follow step-by-step instructions: Review List Archives.
  13. How do I approve (moderate) a message for distribution?
    Follow step-by-step instructions: Approve/Moderate Messages.
  14. What is the effect of renaming a Directory group?
    Since a JPL Directory group can be used to authorize access for many services, you should consider the full impact of renaming it. When you change the name of an existing group, the corresponding email and calendar group list will be automatically changed and the JPL Domain permissions will remain the same. However, if DocuShare or other services use the group, you must submit a Service Request via or call 4-HELP to obtain assistance in updating the group permissions.