Baanboard.com

Go Back   Baanboard.com > Forum > Baan Quick Support: Functional & Technical > Tools Administration & Installation

User login

Frontpage Sponsor

Main

Poll
For ERP LN feature pack upgrade, what method of install are you using?
Installation Wizard into existing VRC
37%
Installation Wizard into new VRC
39%
Manual into existing VRC
3%
Manual into new VRC
21%
Total votes: 38

Baanboard at LinkedIn


Reference Content

Reply
 
Thread Tools Display Modes
  #1  
Old 18th August 2010, 06:43
ian_j_albert ian_j_albert is offline
Member
 
Join Date: Jun 2010
Posts: 32
ian_j_albert is on a distinguished road
Baan: BAAN 6.1 - DB: MSSQL - OS: MS Server
Password Aging
Baan: ERP LN 6.1 FP5
DB: DB2 8.2 FP4
OS: AIX 5L 5.3
C/S: Both

Hi guys,

Question on password aging... There have been quite a few postings on password aging on baanboard so my question is regarding how some you deal with it.

We are actually running AIX 6.1

1) We able to enforce Password Aging for the users but we find some impractical usability issues. We've followed things in Infor Solution 119781
and 117156

2) The ttstppwchange session goes into an infinite loop if you try to run it without being triggered by the ttstppwdaging session. Does anyone find this to be a troublesome thing as users can not change their passwords at will

3) Our problem is that when we first create an account in LN for a user, the MIS will know their password. We want to enforce a password change for the user. So what we do is the following

A) MIS personnel create an LN account for a user. OS User Password Policy has been set to force the password to expire when the user will login the first timee f. [Days to Warn user before Password Expires=365, Password Max Age (weeks)=52]
B) User Logs in for the first time in Webtop and ttstppwchange executes and user is forced to change password
C) User must call up and inform MIS that they have changed their password and MIS must now change the User Password Aging Policy so it will not expire next. [Days to Warn user before Password Expires=7, Password Max Age (weeks)=52].

The items in brackets are the aging policy we set for the user in AIX using smitty. We would like skip step C because it is troublesome for MIS to be involved in it. Does anyone face this same issue or use their own scripts.

There's this product that may do the trick but how does everyone handle this issue? Via custom Unix scripts? http://www.disus.com/components/login_controls.html
Reply With Quote
  #2  
Old 3rd September 2010, 22:00
nmolinaa nmolinaa is offline
Member
 
Join Date: Jun 2009
Posts: 67
nmolinaa is on a distinguished road
Baan: ERP LN - DB: SQL2005 and Oracle - OS: HPUX, IBM AIX, Windows 2003 server
Hello Ian,

Here's a few pointers.

2) The ttstppwchange session goes into an infinite loop if you try to run it without being triggered by the ttstppwdaging session. Does anyone find this to be a troublesome thing as users can not change their passwords at will

Update ttstppwchange to the latest fix. This situation has been fixed already on the latest object for the session.

3) Our problem is that when we first create an account in LN for a user, the MIS will know their password. We want to enforce a password change for the user. So what we do is the following

The problem with this is that the password aging object will check for the status of the user account. When you first create an account at the OS level the binary $BSE/bin/badmin6.x will do that via PAM; PAM might actually return a message to badmin6.x that tells the status of the account to the password aging object... I think the problem to implement this might be that password aging will only allow your users to change their password when their accounts at the OS level are reported by PAM to be in a certain status. This is hard coded. You might have to actually put an enhancement request for password aging to handle this scenario. Maybe nprao has implemented something like this with a custom script.

Regards,

Nestor.
Reply With Quote
Sponsored Links
  #3  
Old 6th September 2010, 04:56
ian_j_albert ian_j_albert is offline
Member
 
Join Date: Jun 2010
Posts: 32
ian_j_albert is on a distinguished road
Baan: BAAN 6.1 - DB: MSSQL - OS: MS Server
Hi Nestor,

Thanks for your information.

Apparently this is due the way AIX 6.1 handles password aging according to Infor. They mentioned that the latest porting set would solve this issue. We haven't updated the porting set yet since this machine has gone into production so we decided this would be a risk we didn't want to take at the moment.

Regards,
Ian
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Password aging - ttstppwdaging can’t see passw expiration amaslak Operating Systems & Databases 0 4th February 2008 12:46
Password aging on AIX5.3 - ttstppwdaging can’t see password expiration amaslak Tools Administration & Installation 0 25th January 2008 17:30
PASSWORD AGING PATCH error (Can't read session or object ttstppwdaging) mr_suleyman Tools Development 5 19th July 2006 12:07
Password Aging with WorkTop shaboo Tools Administration & Installation 7 22nd February 2005 14:16
Solution for Password Aging for Baan IV dave_23 General Discussion & Chat 5 6th January 2005 18:43


All times are GMT +2. The time now is 15:15.


©2001-2017 - Baanboard.com - Baanforums.com