Re: How to enforce passwordchange within a client ACMS-application (391 Views)
Reply
Advisor
henk van dorp
Posts: 15
Registered: ‎11-15-2003
Message 1 of 7 (391 Views)
Accepted Solution

How to enforce passwordchange within a client ACMS-application

Hi all,

A client application running on a PC, connects to ACMS_DI to to run an ACMS-application.

ACMS_DI checks the existance of the username in ACMSUDU and validates the password in SYSUAF.

However the user accounts are network and Batch users,so password expiration is not detected in ACMS_DI.

Is there a way to detect password expiration and enforce the client to change his/her password (and apply it on VMS a secure way)?

Any suggestion is welcome

Thanks in advance

Henk
Honored Contributor
John Gillings
Posts: 2,995
Registered: ‎07-31-2003
Message 2 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Henk,
$GETUAI can be used to check the UAF record for the current user. I've attached a small program to read the UAF record, check the two PWD_EXPIRED flags, and that the password expiry time has not been exceeded. The result in $STATUS. Low bit 0 if the password has expired.

How you force a change depends on how the use connects. Can you execute a SET PASSWORD command?

A crucible of informative mistakes
Advisor
henk van dorp
Posts: 15
Registered: ‎11-15-2003
Message 3 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Hi john,

Thanks for your respons.
So far your answer confirms my idea how to handle this issue, but now it becomes interesting. I'm not that familiar with ACMS.

The application runs with an application-account. Question is if you issue a task within this proces, will it run under the application UIC or will it run under the user's UIC? In last case a set password might be possible I guess. In the first case the application should modify the UAF-password for the user.

Next question is: is the authentication in ACMS an one time occurence (as long as you are logged on) or does each task a renew authentication? (in other words: does the new password interfere processing with the old logon information? (I guess not, but you never know ;>) ))

Henk
Honored Contributor
Hein van den Heuvel
Posts: 6,588
Registered: ‎05-19-2003
Message 4 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Well, you may have to add a task + server where the server is declared using:

USERNAME IS USERNAME OF TERMINAL USER ;

http://h71000.www7.hp.com/doc/721final/6604/6604pro_002.html

1.4.27 USERNAME Subclause (Server)
Indicates that the server process runs under the OpenVMS user name of the user, and has the same UIC and default directory as that user.

Beside using SYS$GETAUI you may want to check out opportunities for using a PDT (psuedo terminal driver) based solution.

Groetjes,
Hein.

Regular Advisor
Rob van Buiten
Posts: 128
Registered: ‎03-09-2004
Message 5 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Hein,

thanks for your info.
I will pass this to our developpers.

with regards

Henk
Honored Contributor
Hein van den Heuvel
Posts: 6,588
Registered: ‎05-19-2003
Message 6 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Rob/Henk,
Waar gebruiken ze ACMS in Nederland? Welke database? RDB neem ik aan?
Mijn eerste ervaringen me ACMS waren in nu zo'n 25 jaar geleden toen ik de PTT begeleide met een 'early field test' ;-). Stuur me eens een mailtje, misschien kan ik nog iets voor je betekenen als ik weer eens thuis kom. Stuur eens een Email?
Met vriendelijke groetjes,
Hein.


Advisor
henk van dorp
Posts: 15
Registered: ‎11-15-2003
Message 7 of 7 (391 Views)

Re: How to enforce passwordchange within a client ACMS-application

Ha ha, ik had een software case geopend voor HP-UX, hetgeen onder een andere naam moest ivm contracten. Deze thread nam dat account dus braaf over. Dus Rob = Henk in dit geval.

Ik mail je Hein

mvrgr
Henk

The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.