Re: SET VMS user password from a remote application.

waliamanish · ‎09-05-2004

Hi all,
I am working in an application in which the front-end is Oracle Developer forms
and the backend is Open VMS. There is an requirement in which the user is allowed to change his/her VMS password from the front-end i.e. the Oracle developer form.

The user in this case won't be having the system privileges.

So far I am not able to find a solution for the above stated problem. I will appreciate if you can throw some light on this.

Antoniov. · ‎09-05-2004

Hi,
how your front-end is connected with backend?
If in front-end, your users have pathwork passwork and from front-end you can run a vms command you can use ADMIN MOD USER /PASSWORD.

Antonio Vigliotti

Antonio Maria Vigliotti

Wim Van den Wyngaert · ‎09-05-2004

Generate a file on vms containing
$ set pass
oldp
newp
newp
$ exit
and then do rsh @file

Wim

Wim Van den Wyngaert · ‎09-05-2004

Alternative is to use the eclosure of privious posting but then you need to be able to trigger task to task from PC.

Wim

Bojan Nemec · ‎09-05-2004

Hi,

Searching I found this thread in experts exchange: http://www.experts-exchange.com/Databases/Oracle/Q_20912129.html
Maybe you can arrange a command procedure or a program which changes the password.

If you want to change the password from a program you must use sys$getuai, sys$hash_password and sys$setuai system services.

Bojan

Wim Van den Wyngaert · ‎09-05-2004

To create the file on vms, you can create it on PC and use rcp or ftp to transfer it.

Wim

Wim

waliamanish · ‎09-05-2004

Hi,

The user is working on the client (Oracle Forms Developer) end and needs to send password as parameters. So I cannot use SET Password command as it throws a dollar prompt on the server awaiting for the user to type old and new password and is never coming back to the frontend.

So I am looking for some way by which I can pass the old and new passwords from the frontend to VAX/VMS and this is going to reset the password without prompting for any value.

Bojan Nemec · ‎09-05-2004

Hi,

If you can run a procedure in the users environment, than you can use Wims hint. In this procedure write out a new procedure and run it (look at the Wims post with the attachment). Maybe some
$ set protection=(s,o=rwed,g,w)/default
will slightly improve the security. Another way is to write a program which calls the sys$setuai system service (better, because of no intermediate files with plain text passwords).

Else if you can run a procedure - program under a privileged user (SYSPRV or GRPPRV if all users are in the same group) you can write a program which modifies users passwords. In this program first test the old password with sys$getuai and sys$hash_password and, if matches, modify the password using sys$setuai system service.

Bojan

Wim Van den Wyngaert · ‎09-06-2004

Wali,

If you create the file and @ it, no prompt will be done. I also tried "set pass" with a redefined sys$input but this wasn't working.

Wim

Wim

Jan van den Ende · ‎09-06-2004

Waliamanish,

So I cannot use SET Password command as it throws a dollar prompt on the server awaiting for the user to type old and new password and is never coming back to the frontend.

If you do a
$ DEFINE/USER_MODE SYS$INPUT SYS$COMMAND
immedeately before $ SET PASSWORD,
then the prompt is NOT thrown to the server, but to whatever is the interactive input stream, ie, the frontend. Input is taken from the same stream of course.
-- I never tried it from Oracle Developer though...

hth,

Jan

Don't rust yours pelled jacker to fine doll missed aches.

Wim Van den Wyngaert · ‎09-06-2004

Another alternate solution.

Write the new password in the Oracle db and use rsh to start a procedure that will read in the database and use the value to change the password.

Wim

Antoniov. · ‎09-06-2004

Hi,
all solution posted here are good ideas but they are a bit dangerous.
I can add some other hints:
- Remember SET PASSWORD command can fail (for example for easy_to_guess or found_in_history); there is no way to be sure password is changed.
- After change of password you could delete command file (that contains the new password)

If your front-end is on PC you could activate hyperterm to change user password; this is the most secure way but it's the best way for the user (no friendly for his).

Antonio Vigliotti

Antonio Maria Vigliotti

Bojan Nemec · ‎09-06-2004

Hi,

Another solution which is a mix of previous solutions.

Take Wims Client.com and add old password test to it (see PASSWORD_SERVICE.COM after get_old_passwords: to have an idea how to test it). Obvious is that you must check and return the status of each phase. Now you can set this procedure as a TCP/IP service.

In Oracle you can write stored procedures in Java. Write such a procedure which open a TCP/IP connection to this service (using java.net.Socket) and passes the old and new password ower this connection. The procedure will change the password and/or return the status. In Java close the connection and return the status.

Now from SQL you can change the password with SELECT ChangePassword (old,new) FROM dual;
and you receive the status as a result (ChangePassword is the Java procedure name).

Bojan

Wim Van den Wyngaert · ‎09-06-2004

Yet another solution.

rsh node "@xxx:change_password old new"

and xxx:change_password.com must contain

$ open/write x tmp.tmp
$ write x "$ set pass"
$ write x "''p1'"
$ write x "''p2'"
$ write x "''p2'"
$ close x
$ @tmp.tmp
$ del tmp.tmp.*

Of course with error handling and a unique filename.

Wim

Wim

Bojan Nemec · ‎09-06-2004

In my previous post i forgot the username parameter to the Java method, so it will look something like this ChangePassword (user, old, new).

If you go for the command procedure solution, I sugest delete/erase when deleting the command procedure.

Bojan

Willem Grooters · ‎09-07-2004

The problem is how to get the username, old and new passwords over the network.
You can do it using the database (can be done encrypted, IIRC), or by some method directly (encrypted or not). Requirement of encryption depends, IMHO. If the connection between client and (VMS)server is a non-open (propriatry) network, need for encryption is low (or even absent).
Whatever method chosen, some process on the VMS site is to be triggered. You can use standard TCPIP services (designate a port for thsi (system) procedure, to secure it allow connections from known machines only.
Any message sent to this port will trigger a procedure - that can run in a privileged mode, to do just THAT: update UAF (and log it).
If you use the database for passing data, be sure to REMOVE the new password data after the UAF has been updated!

Willem

Willem Grooters
OpenVMS Developer & System Manager

waliamanish · ‎09-08-2004

Hello all,
I apperciate everybody's help for giving replies to my Query. I can now implement this in a good number of ways.

Thanks again
Manish Walia:)

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SET VMS user password from a remote application.

SET VMS user password from a remote application.