Baanboard.com


ian_j_albert 18th August 2010 05:43

Password Aging
 
Hi guys,

Question on password aging... There have been quite a few postings on password aging on baanboard so my question is regarding how some of you deal with it.

We are actually running AIX 6.1.

1) We are able to enforce Password Aging for the users but we find some impractical usability issues. We've followed things in Infor Solution 119781 and 117156.

2) The ttstppwchange session goes into an infinite loop if you try to run it without being triggered by the ttstppwdaging session. Does anyone find this to be a troublesome thing as users cannot change their passwords at will?

3) Our problem is that when we first create an account in LN for a user, the MIS will know their password. We want to enforce a password change for the user. So what we do is the following:

A) MIS personnel create an LN account for a user. OS User Password Policy has been set to force the password to expire when the user logs in the first time. [Days to Warn user before Password Expires=365, Password Max Age (weeks)=52]
B) User Logs in for the first time in Webtop and ttstppwchange executes and user is forced to change password
C) User must call up and inform MIS that they have changed their password and MIS must now change the User Password Aging Policy so it will not expire next. [Days to Warn user before Password Expires=7, Password Max Age (weeks)=52].

The items in brackets are the aging policy we set for the user in AIX using smitty. We would like to skip step C because it is troublesome for MIS to be involved in it. Does anyone face this same issue or use their own scripts?

There's this product that may do the trick but how does everyone handle this issue? Via custom Unix scripts? http://www.disus.com/components/login_controls.html

nmolinaa 3rd September 2010 21:00

Hello Ian,

Here's a few pointers.

2) The ttstppwchange session goes into an infinite loop if you try to run it without being triggered by the ttstppwdaging session. Does anyone find this to be a troublesome thing as users can not change their passwords at will

Update ttstppwchange to the latest fix. This situation has been fixed already on the latest object for the session.

3) Our problem is that when we first create an account in LN for a user, the MIS will know their password. We want to enforce a password change for the user. So what we do is the following

The problem with this is that the password aging object will check for the status of the user account. When you first create an account at the OS level the binary $BSE/bin/badmin6.x will do that via PAM; PAM might actually return a message to badmin6.x that tells the status of the account to the password aging object... I think the problem to implement this might be that password aging will only allow your users to change their password when their accounts at the OS level are reported by PAM to be in a certain status. This is hard coded. You might have to actually put in an enhancement request for password aging to handle this scenario. Maybe nprao has implemented something like this with a custom script.

Regards,

Nestor.

ian_j_albert 6th September 2010 03:56

Hi Nestor,

Thanks for your information.

Apparently this is due to the way AIX 6.1 handles password aging according to Infor. They mentioned that the latest porting set would solve this issue. We haven't updated the porting set yet since this machine has gone into production so we decided this would be a risk we didn't want to take at the moment.

Regards,
Ian
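
One way to take MIS out of step C in the first post, as an added example that is not part of the original thread and not Infor code: a root cron job on AIX that compares each new user's `lastupdate` attribute in /etc/security/passwd with the value recorded at account creation and, once it has moved, resets the policy to the step C values. The pending-list file, its path and the function names are assumptions, as is the premise that a change made through ttstppwchange updates `lastupdate`; `lssec` and `chuser` are standard AIX commands.

```shell
#!/bin/sh
# Added example (not from the thread): automate step C on AIX from root's cron.
# Assumption: when MIS creates the account it appends "user epoch" to $PENDING,
# where epoch is the user's lastupdate value right after the initial password
# was set. The path below is hypothetical.
PENDING=${PENDING:-/var/adm/pwaging.pending}

# Print the epoch of the user's last password change (empty if unknown).
last_update() {
    lssec -f /etc/security/passwd -s "$1" -a lastupdate 2>/dev/null |
        sed -n 's/.*lastupdate=\([0-9][0-9]*\).*/\1/p'
}

# Succeed only if the password changed after the recorded baseline ($2).
changed_since() {
    now=$(last_update "$1")
    [ -n "$now" ] && [ "$now" -gt "$2" ]
}

# Walk the pending list. Users who have changed their initial password get
# the step C policy (warn 7 days, max age 52 weeks) and are printed; everyone
# else, including malformed entries, stays on the list for the next run.
process_pending() {
    [ -f "$PENDING" ] || return 0
    keep="$PENDING.$$"
    : >"$keep" || return 1
    while read -r user base; do
        case $user in ''|\#*) continue ;; esac
        case $base in
            ''|*[!0-9]*) echo "$user $base" >>"$keep"; continue ;;
        esac
        if changed_since "$user" "$base" &&
           chuser pwdwarntime=7 maxage=52 "$user"; then
            echo "$user"
        else
            echo "$user $base" >>"$keep"
        fi
    done <"$PENDING"
    # Overwrite in place so the list keeps its owner and permissions.
    cat "$keep" >"$PENDING" && rm -f "$keep"
}

# Cron entry point: "pwaging.sh run"
if [ "${1:-}" = run ]; then process_pending; fi
```

The pending list should be writable by root only, since an entry in it causes a policy change on the named account.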

