User login
|
|
Frontpage Sponsor
|
|
Poll
|
How big is your Baan-DB (just Data AND Indexes) 0 - 200 GB 16% 200 - 500 GB 28% 500 - 800 GB 2% 800 - 1200 GB 9% 1200 - 1500 GB 9% 1500 - 2000 GB 14% > 2000 GB 21% Total votes: 43 |
Baanboard at LinkedIn
|

|
|
|
 |
|

26th January 2005, 17:14
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
opr01:!:238:125:Franci :/users/bsp/sys/opr01:/usr/bin/ksh
ah see there we go, if there is a "!" then it might need to be setuid root
chown root passage
chmod 4755 passage
hopefully that works, it seems like NIS vs NIS+ vs LDAP, etc all require
setuid root to access the encrypted password - and I use that to determine
whether or not the user actually changed his password.
Thanks for the support!
Dave
|

27th January 2005, 15:32
|
 |
Member
|
|
Join Date: Jan 2003
Location: Slovenia
Posts: 62
|
|
Baan: c4 -
DB: informix -
OS: AIX Unix 4.3.3.0
|
passage works vice versa ?
Hi,
I did as you told me (= ch.auth.). Now, what's new:
I started from the beggining - new first logging/creating file. Then:
- substract 1 day >> order to change pwd (as last time) - I changed it and that's it :-) now it works OK, just what troubles me is that day mess; by instructions this message has to appear after 85 days ?!?
- substract 88 days >> "You have -86 days remaining......." When I changed pwd, this message had not appeared any more.
My BW client is on WinXP. Test BaaN aplication is on IBM RISC/6000 server (an older one, but it works).
"log.passage" is enclosed (with my comments).
__________________
Franci
|

1st February 2005, 22:39
|
 |
Senior Member
|
|
Join Date: Mar 2002
Location: ~
Posts: 231
|
|
Baan: BaaN IV -
DB: Oracle 8 -
OS: UNIX
|
pstat...
Dave,
The 'pstat' function that you are using in the script, is it BaaN IV function or is it a unix/OS specific function?
Thanks,
NS
|

1st February 2005, 23:44
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
pstat() is just a standard Baan function. NP_RAO told me about it (so I assume it goes all the way up to Reger)
Dave
|

1st February 2005, 23:52
|
 |
Senior Member
|
|
Join Date: Mar 2002
Location: ~
Posts: 231
|
|
Baan: BaaN IV -
DB: Oracle 8 -
OS: UNIX
|
Dave,
Yes, it is a standard function. It wasnt there in the manual but the script compiled just fine. Thanks to NP for pointing this out.
Thanks,
NS
|

3rd February 2005, 17:26
|
 |
Member
|
|
Join Date: Feb 2002
Location: Israel
Posts: 54
|
|
Baan: BaanIV, BaanERP 5.0b and higher -
DB: Oracle/SQL -
OS: Unix/Win2000
|
The number in the user file under $BSE/security/
I have implemented the solution on one of the testing enviroment we have, but actually to continue doing all the test on the aging machanism, I need to understand the number created in the file under $BSE/security/user
For example the number in one of the files:
1107443196 1
What does this number mean 1107443196 ?
Thanks,
- Rain
|

3rd February 2005, 18:38
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
The first number is the date that the user's file was created or their last password change (represented in number of seconds from Jan 1 1970). The 2nd number is a flag for Active/Inactive.
Dave
|

3rd February 2005, 18:41
|
 |
Member
|
|
Join Date: Feb 2002
Location: Israel
Posts: 54
|
|
Baan: BaanIV, BaanERP 5.0b and higher -
DB: Oracle/SQL -
OS: Unix/Win2000
|
after 90 days of expiration
I have tested the script on HPUX 11.00 and moved the date to another 90 days from the first creation, when logging into BaanERP 5.0b it gives a message that account is expired but doesn't force the user to change it.
User can ignore the message each time loggs in and continue to work with BW.
Does this solution provide locking accounts when no action is taken by the user to change his password ??
thanks for your help,
- Rania
|

3rd February 2005, 19:12
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
depends on what you mean. The passage binary + the session that is coded above will lock users out of Baan. Not unix. if you want to use it for unix then you could script it into their .profiles or something similar.
Have a look on the website http://www.mr-paradox.com/passage.html
for more info on what it does vs. what it doesn't do. and for ideas on testing and scripting.
Dave
|

3rd February 2005, 19:14
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
Oh also, if you can test it with PWDEBUG=1 and send me the output I might be able to tell you more about what's going on..
Plus I'm working on some bug fixes (that will be on the website soon) that might address the problem as well.
Thanks!
Dave
|

3rd February 2005, 19:53
|
 |
Member
|
|
Join Date: Feb 2002
Location: Israel
Posts: 54
|
|
Baan: BaanIV, BaanERP 5.0b and higher -
DB: Oracle/SQL -
OS: Unix/Win2000
|
I think pstat didn't work
Thanks for your response,
Actually I made debugging of the script you provided with the pstat function and when running the session I don't get the right process number, therefore the kill command doesn't work in this situation, this what I meant locking not in the Unix level. The correct behaviour is to kill the bshell process from the first time user loggs in with expired pass and doesn't change it.right ?
Note: shurely it would very good solution if it's encoded for the Unix level in passage script in later stage.
I have BaanERP 5.0b
OS: HPUX 11.00
PortingSet: 7.1c.03
Any clue?
Thanks,
- Rain
|

3rd February 2005, 20:03
|
 |
Guru
|
|
Join Date: Oct 2002
Location: Portland, OR
Posts: 1,303
|
|
Baan: All -
DB: Oracle / MS SQL / DB2 -
OS: All
|
Right, if the user tries to log in and they are expired then the pstat portion should kill the process..
Interesting, you might be the first Baan 5 person to try this (I've mostly worked with Baan 4)
Maybe pstat is different in Baan 5 or maybe someone here can help with pstat - I'm really not much of a 4GL developer. NP you out there?
Dave
|

3rd February 2005, 20:07
|
 |
Guru
|
|
Join Date: Aug 2001
Location: Pacific NW, USA
Posts: 3,081
|
|
Baan: Baan 4-5,5.2(Reger),LN-6.1,Infor LN-10.x -
DB: Oracle,MS-SQL -
OS: HPUX, Linux, Windows
|
Quote:
I have tested the script on HPUX 11.00 and moved the date to another 90 days from the first creation, when logging into BaanERP 5.0b it gives a message that account is expired but doesn't force the user to change it.
|
You would need a fix for the porting set. Here is the info from my case -
Quote:
Case 2036414
TLS-NA: BaanLogin allows a user to login even though their account has expired
SITUATION DESCRIPTION:
blogind6.2 allows a user to login even though their account has expired.
SOLUTION DESCRIPTION:
The problem had already been fixed while fixing badmin6.2 previously. Since we just sent the executable with the first fix, the blogind6.2 executable was not delivered at the same time.
|
Rain, it helps if you give a screenshot of whats going on. I never had issues with pstat().
|

3rd February 2005, 20:45
|
 |
Member
|
|
Join Date: Feb 2002
Location: Israel
Posts: 54
|
|
Baan: BaanIV, BaanERP 5.0b and higher -
DB: Oracle/SQL -
OS: Unix/Win2000
|
badmin6.2 & pstat() values
NPRao,
Acually I didn't understand what's the role of badmin6.2 in this case when I'm trying to kill a bshell process through the script posted by dave. in the case it says when the account is expired, by which mechanism it's expired ??
I'm applying this solution which doesn't deal in the Unix level.
I'm somehow mixed up now.
Dave,
What value should be returned by pstat() for it to work properly?
Thanks,
- Rain
|

3rd February 2005, 21:54
|
 |
Guru
|
|
Join Date: Aug 2001
Location: Pacific NW, USA
Posts: 3,081
|
|
Baan: Baan 4-5,5.2(Reger),LN-6.1,Infor LN-10.x -
DB: Oracle,MS-SQL -
OS: HPUX, Linux, Windows
|
Rain,
There was a bug in the blogin/badmin binaries that allowed one to log into BaaN and work even if the password is expired and its fixed in the latest porting sets as I have indicated.
And I am not sure of Dave's logic how the password calculation is done.
If he is using the BaaN binaries to get the expiration dates etc, then his calculations will get wrong results -
Quote:
[DEV:bsp]/app/lms/lmss/opt/bse/bin>badmin6.2 -U
Insufficient or wrong option(s) provided
Baan Administration Tool
Usage: badmin6.2 [-pUuVv] [-qo outfile] [-qe errfile] -getpwd <user> <pwd> | -chkpwd <user> | -chkuser <user> | -chkgroup <group> | -ostype <ostype>
-p : Tag for Aged Password Notification. Has only effect with other flags
-U or -u : Print usage
-V or -v : Print release number
-qo outfile : Redirect standard output to file outfile
-qe errfile : Redirect error output to file errfile
-chkuser <user> : Returns 0 if user exists, else 1
-chkgroup <group> : Returns 0 if group exists, else 1
-chkpwd <user> : Returns 0 if successful, else 1
-getpwd <user> : Returns 0 if successful, else 1
-ostype <osname> : Returns 0 if ostype is osname, else 1
osname can be NT, OS400 or UNIX
[DEV:bsp]/app/lms/lmss/opt/bse/bin>
[DEV:bsp]/app/lms/lmss/opt/bse/bin>badmin6.2 -chkpwd bsp
2: Your password can be changed within 49D 4H 7M 28S.
|
As I mentioned, I never had issues with pstat(). you have to give a screenshot of whats going on and post if your code if you made any changes to Dave's base script.
Quote:
What value should be returned by pstat() for it to work properly?
|
Refer to the online manual for more info - pstat()
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Thread Tools |
|
Display Modes |
Linear Mode
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|