HPE Community
Operating System - OpenVMS
1832149 Members
3075 Online
110038 Solutions
New Discussion

Detecting expired passwords in a C program

 
Scott Dawson_2
New Member

‎02-21-2005 04:30 AM

‎02-21-2005 04:30 AM

Detecting expired passwords in a C program

I have a web interface to an openVMS applicatin. I have routines to add users, validate pswd, modify pswd. I am having a heck of a time checking if a pswd is expired. When using the sys$getuai utility, and checking the UAI_Flags, I get a successful status but a 0 for result. Even when the accnt is expired. What's the correct way to check for expired password from a C program?

Thanks
0 Kudos
Reply
7 REPLIES 7
Ian Miller.
Honored Contributor

‎02-21-2005 04:49 AM

‎02-21-2005 04:49 AM

Re: Detecting expired passwords in a C program

can you post the code fragment as a txt attachment here?
____________________
Purely Personal Opinion
0 Kudos
Reply
Hein van den Heuvel
Honored Contributor

‎02-21-2005 05:26 AM

‎02-21-2005 05:26 AM

Re: Detecting expired passwords in a C program


pwd_expired is tricky, non-intuitive, as there is the flag bit at play, as well as a date stamp. A simple MODI/FLA=PWDEXPI will mark the date field, NOT the flag bit. Witness:

UAF> SHOW TEST
:
Flags:
:
Pwdchange: 18-FEB-2005 14:59
:
UAF> MODI TEST/FLAG=PWDEXPIRED
Flags:
:
Pwdchange: (pre-expired)


Or with a little tool that I wrote and will attach:

$ MCR AUTHORIZE MODI TEST /NOPWDEXPI
%UAF-I-MDFYMSG, user record(s) updated
$ GETUAI TEST USERNAME FLAGS PWD_DATE
USERNAME,FLAGS,PWD_DATE
TEST,00000000,21-FEB-2005 13:21:18.70
$ MCR AUTHORIZE MODI TEST /PWDEXPI
%UAF-I-MDFYMSG, user record(s) updated
$ GETUAI TEST USERNAME FLAGS PWD_DATE
USERNAME,FLAGS,PWD_DATE
TEST,00000000, 0 00:00:00.00

The PWD_EXPIRED flag will only be set if

1. The user logs in
2. The password has expired (see below)
3. The user is set not to be forced to change an expired password on login i.e. DISFORCE_PWD_CHANGE is set.


hth,
Hein.

HP Internal folks... This is discussed in:
VAXAXP::NOTES$ARCHIVE:VMSNOTES_V12 topic 1783

0 Kudos
Reply
Scott Dawson_2
New Member

‎02-21-2005 05:46 AM

‎02-21-2005 05:46 AM

Re: Detecting expired passwords in a C program

Here's a code snippet. After reviewing the replies to this, I'd also like to ask "what" is the preferred way to do this?

The value in uflags (from attachment) is 0 and return_status = 1.

Anyhow...thanks for the help
0 Kudos
Reply
Scott Dawson_2
New Member

‎02-21-2005 06:52 AM

‎02-21-2005 06:52 AM

Re: Detecting expired passwords in a C program

After reviewing the above posts and the limits of checking flags. Would a better approach be to check the date of pwdchange and add the pwdlifetime. If the result is < current datetime, I force them to reset the password. I was hoping for a simple check.

Let me know if I'm going in the wrong direction.

thanks
0 Kudos
Reply
Bojan Nemec
Honored Contributor

‎02-21-2005 07:13 AM

‎02-21-2005 07:13 AM

Re: Detecting expired passwords in a C program

Scott,

The UAI$M_PWD_EXPIRED flag is set when the user tryes to login and his password is expired. Please read the Description section of the SYS$QETUAI system service:

http://h71000.www7.hp.com/doc/732FINAL/4527/4527pro_005.html#index_x_630

It gives you an explanation how the flag is set.

Bojan
0 Kudos
Reply
Kris Clippeleyr
Honored Contributor

‎02-21-2005 06:23 PM

‎02-21-2005 06:23 PM

Re: Detecting expired passwords in a C program

Scott,


Would a better approach be to check the date of pwdchange and add the pwdlifetime. If the result is < current datetime, I force them to reset the password. I was hoping for a simple check.


That's exactly what LOGINOUT does. As per the manual:
"During a normal login when the UAI$V_DISFORCE_PWD_CHANGE bit is not set, the system compares UAI$_PWD_DATE against UAI$_PWD_LIFETIME and, if expired, forces the user to change the password. With this configuration, the UAI$V_PWD_EXPIRED bit is not set."

So, your on the right track.

Regards,
Kris (aka Qkcl)


I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
0 Kudos
Reply
Ian Miller.
Honored Contributor

‎02-21-2005 10:08 PM

‎02-21-2005 10:08 PM

Re: Detecting expired passwords in a C program

It appears you have to check that the password last modified date plus the password life time value are older then the current date & time.
____________________
Purely Personal Opinion
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.