Operating System - OpenVMS

Detecting expired passwords in a C program

 
Scott Dawson_2
New Member

Detecting expired passwords in a C program

I have a web interface to an OpenVMS application. I have routines to add users, validate pswd, modify pswd. I am having a heck of a time checking if a pswd is expired. When using the sys$getuai utility, and checking the UAI_Flags, I get a successful status but a 0 for result. Even when the accnt is expired. What's the correct way to check for expired password from a C program?

Thanks
7 REPLIES 7
Ian Miller.
Honored Contributor

Re: Detecting expired passwords in a C program

can you post the code fragment as a txt attachment here?
____________________
Purely Personal Opinion
Hein van den Heuvel
Honored Contributor

Re: Detecting expired passwords in a C program


pwd_expired is tricky, non-intuitive, as there is the flag bit at play, as well as a date stamp. A simple MODI/FLA=PWDEXPI will mark the date field, NOT the flag bit. Witness:

UAF> SHOW TEST
:
Flags:
:
Pwdchange: 18-FEB-2005 14:59
:
UAF> MODI TEST/FLAG=PWDEXPIRED
Flags:
:
Pwdchange: (pre-expired)


Or with a little tool that I wrote and will attach:

$ MCR AUTHORIZE MODI TEST /NOPWDEXPI
%UAF-I-MDFYMSG, user record(s) updated
$ GETUAI TEST USERNAME FLAGS PWD_DATE
USERNAME,FLAGS,PWD_DATE
TEST,00000000,21-FEB-2005 13:21:18.70
$ MCR AUTHORIZE MODI TEST /PWDEXPI
%UAF-I-MDFYMSG, user record(s) updated
$ GETUAI TEST USERNAME FLAGS PWD_DATE
USERNAME,FLAGS,PWD_DATE
TEST,00000000, 0 00:00:00.00

The PWD_EXPIRED flag will only be set if

1. The user logs in
2. The password has expired (see below)
3. The user is set not to be forced to change an expired password on login i.e. DISFORCE_PWD_CHANGE is set.


hth,
Hein.

HP Internal folks... This is discussed in:
VAXAXP::NOTES$ARCHIVE:VMSNOTES_V12 topic 1783

Scott Dawson_2
New Member

Re: Detecting expired passwords in a C program

Here's a code snippet. After reviewing the replies to this, I'd also like to ask "what" is the preferred way to do this?

The value in uflags (from attachment) is 0 and return_status = 1.

Anyhow...thanks for the help
Scott Dawson_2
New Member

Re: Detecting expired passwords in a C program

After reviewing the above posts and the limits of checking flags, would a better approach be to check the date of pwdchange and add the pwdlifetime? If the result is < current datetime, I force them to reset the password. I was hoping for a simple check.

Let me know if I'm going in the wrong direction.

thanks
Bojan Nemec
Honored Contributor

Re: Detecting expired passwords in a C program

Scott,

The UAI$M_PWD_EXPIRED flag is set when the user tries to login and his password is expired. Please read the Description section of the SYS$GETUAI system service:

http://h71000.www7.hp.com/doc/732FINAL/4527/4527pro_005.html#index_x_630

It gives you an explanation how the flag is set.

Bojan
Kris Clippeleyr
Honored Contributor

Re: Detecting expired passwords in a C program

Scott,


Would a better approach be to check the date of pwdchange and add the pwdlifetime. If the result is < current datetime, I force them to reset the password. I was hoping for a simple check.


That's exactly what LOGINOUT does. As per the manual:
"During a normal login when the UAI$V_DISFORCE_PWD_CHANGE bit is not set, the system compares UAI$_PWD_DATE against UAI$_PWD_LIFETIME and, if expired, forces the user to change the password. With this configuration, the UAI$V_PWD_EXPIRED bit is not set."

So, you're on the right track.

Regards,
Kris (aka Qkcl)


I'm gonna hit the highway like a battering ram on a silver-black phantom bike...
Ian Miller.
Honored Contributor

Re: Detecting expired passwords in a C program

It appears you have to check that the password last modified date plus the password life time value are older than the current date & time.
____________________
Purely Personal Opinion
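
The date check the replies converge on, as an added example that is not code from any poster: portable C over raw quadword values, which on OpenVMS would come from the SYS$GETUAI items UAI$_PWD_DATE and UAI$_PWD_LIFETIME and from SYS$GETTIM. Assumptions: the lifetime is a delta time stored as a negative tick count, a lifetime of 0 means the password never expires, and a PWD_DATE of -1 marks a pre-expired password; the function, enum and helper names are hypothetical and the sample times are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* OpenVMS quadword times count 100 ns ticks; delta times are stored negative. */
#define TICKS_PER_DAY (86400LL * 10000000LL)

enum pwd_state { PWD_OK = 0, PWD_EXPIRED = 1, PWD_PREEXPIRED = 2 };

/* Hypothetical helper: build a VMS-style (negative) delta time from days. */
int64_t vms_delta_days(int64_t days) { return -(days * TICKS_PER_DAY); }

/* pwd_date: absolute time of last password change (UAI$_PWD_DATE).
 * pwd_lifetime: delta time (UAI$_PWD_LIFETIME). now: current absolute time.
 * The PWD_EXPIRED flag bit is deliberately not consulted. */
enum pwd_state pwd_state_at(int64_t pwd_date, int64_t pwd_lifetime, int64_t now)
{
    if (pwd_date == -1)                 /* assumed sentinel: pre-expired */
        return PWD_PREEXPIRED;
    if (pwd_lifetime == 0)              /* assumed: no lifetime, never expires */
        return PWD_OK;

    /* Use the magnitude so either sign convention for the delta works. */
    int64_t life = pwd_lifetime < 0 ? -pwd_lifetime : pwd_lifetime;
    if (pwd_date > INT64_MAX - life)    /* expiry not representable: not reached */
        return PWD_OK;

    /* Expired when change date + lifetime is earlier than the current time. */
    return (pwd_date + life < now) ? PWD_EXPIRED : PWD_OK;
}

int main(void)
{
    const int64_t now = 46000000000000000LL;   /* constructed sample time */
    const int64_t life90 = vms_delta_days(90); /* 90-day password lifetime */

    printf("changed 10 days ago:  %d\n",
           pwd_state_at(now - 10 * TICKS_PER_DAY, life90, now));
    printf("changed 100 days ago: %d\n",
           pwd_state_at(now - 100 * TICKS_PER_DAY, life90, now));
    printf("pre-expired record:   %d\n", pwd_state_at(-1, life90, now));
    return 0;
}
```
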