______________________________ Reply Separator _________________________________
Subject: How to check for blank password? (Classic -> PA!)
Author: Edward Redman <[log in to unmask]> at CCGATE
Date: 9/16/1996 4:23 PM
We're one of the last people on earth to upgrade our Classic HP3000 to a
PA Risc box, so this kind of question has probably been talked about long
ago. (Sorry.)
We only had 2 priv-mode programs on the old machine. One allowed moving
the console to anyone with OP capability. The other verified that the
user running the program had a password. It is the latter one that I'd
like to reproduce on the new machine.
When we create a user on the system we leave the password empty and have
them sign on right away. There is a system-wide option logon UDC that
checks to see if the password is blank and invokes the password changer if
so. This is also handy for when users forget their password. We just
blank it out and let them log in again.
So the question is: what is the simplest way to accomplish this
blank-password-check now? Can this be done with some of the funky new
scripting it seems the new 3000 has? Thanks for any hints, pointers,
advice.
p.s. Are there any good resources to help us learn about the new features
on this risc machine?
------------------------------------------------------------------------
Edward,
I've had a similar requirement and I solved it using the a couple of
command files and a dedicated batch job.
The first command file is executed via a logon, system wide UDC and it
communicates to the background job the user name and account of the user
logging on. It also builds a message file where the background job will
place an indication whether the user has a password. (The name of this
file is *also* made available to the background job). Once the reply is
received the command file invokes the needed routine to force the user to
change his password.
The background job runs all the time, under manager.sys or a user with SM
capability, and 'listens' at a message file for requests. Once a request
is received it determines if the requesting user has a password, using the
listuser command, and places back in the requester's file said indication.
The jobs runs in the CS queue but it does NOT use much resources since it
is only invoked once per logon.
The second command file is used to start or stop gracefully the background
job.
I'm attaching them below. You could use them as is with the exception that
you must invoke your own routine to change the password. In addition if
you change the name of the streamfile to conform to your standards the
same changes must be made to the corresponding command files.
Regards
Paul H. Christidis
(310) 513-5808
----------------------Command file 1 (UPASS)-------------------
===> Cut here
file o=gxpswrdx.pub.sys,old;shr;gmulti;lock
if finfo("*o","exists") then
purge xpswrdx >$null
build xpswrdx;rec=-80,,f,ascii;disc=10;msg
release xpswrdx
file i=xpswrdx,old;shr;gmulti;lock
echo ![finfo("*i","fullfname")] | !hpuser.!hpaccount >*o
input _reply;wait=60 < *i >*i
!_reply
if NOT user_password then
echo "invoke program to set password"
endif
reset i
deletevar _reply
purge xpswrdx >$null
endif
reset o
End Cut <=====
----------------------Backgroud job stream (PASSWJOB.UTIL.SYS)---------
====> Cut here
!JOB PASSWJOB ,MANAGER.SYS;HIPRI;OUTCLASS=,1;pri=cs
!COMMENT
!comment Author: Paul H. Christidis
!comment Date: 06/17/96
!COMMENT Remarks: This job 'listens' at a message file for any
!COMMENT requests to derermine if a user has a password. It then
!comment makes that determination and passes back an indicator to
!comment that effect. A command of STOP causes the job to terminate.
!comment
!comment The request comes via the execution of a command file or a
!comment System wide UDC and it is comprised by the file name where
!comment the reply should be placed and the user's name and account.
!comment This job does NOT return the user's password, it only writes
!comment in the message file specified by the client the command:
!comment setvar user_password true/false
!comment The client then executes the command and tests the setting
!comment of the variable 'user_password' to decide what action to
!comment take.
!COMMENT
!
!setvar pg_msgfile 'gxpswrdx.pub.sys'
!setvar pg_stop_cmnd 'STOP'
!setvar pg_file_specs 'gmulti;lock;shr'
!
!file msg=!pg_msgfile,old;!pg_file_specs
!purge !pg_msgfile >$null
!build !pg_msgfile;rec=-80,,v,ascii;disc=2000;msg
!altsec !pg_msgfile;newacd=(w,l:@.@)
!
!setvar _done false
!while not _done do
! input _text <*msg >*msg
! echo @ !hptimef : ![rtrim(_text)] :
! setvar _bar_pos POS("|",_text)
! setvar _fname RTRIM(STR(_text,1,_bar_pos - 1))
! setvar _uname RTRIM(STR(_text,_bar_pos+1,17))
! setvar _done _fname = "!pg_stop_cmnd"
! if not _done then
! purge tfile,temp >$null
! build tfile;rec=-80,,f,ascii;msg;temp
! file t=tfile,oldtemp
! file o=!_fname,old;shr;lock;gmulti
! listuser !_uname;pass;format=detail > *t
! setvar cnt 4
! while setvar(cnt,cnt-1) > 0 do
! input _text <*t
! endwhile
! setvar _upass RTRIM(STR(_text,POS(":",_text)+2, 8))
! if LEN(_upass) = 0 then
! echo setvar user_password false >*o
! else
! echo setvar user_password true >*o
! endif
! endif
!endwhile
!purge !pg_msgfile >$null
!showvar
!EOJ
End Cut <====
---------------------Command file 2 (PASSCNTL)------------
====> Cut here
parm paswrdopt = "?"
echo PASSWORD password option = !paswrdopt
setvar _option ups("!paswrdopt")
if pos(",!_option",",START,STOP") = 0 then
echo
echo Usage:
echo START- Initiates the PASSWORD background job.
echo STOP - Terminates the PASSWORD job gracefully.
echo
else
echo Acting on: "!_option"
echo
purge pgrfile,temp > $null
build pgrfile;rec=-80,,f,ascii;disc=500;temp;msg
file sh = pgrfile,oldtemp
showjob [log in to unmask] > *sh
setvar executing false
while finfo("*sh",'eof') <> 0 do
input sh_text;wait=2 < *sh
if pos("PASSWJOB,MANAGER.SYS",sh_text) <> 0 then
setvar executing true
endif
endwhile
reset sh
if _option = "START" then
if executing then
echo
echo Warning: An instance of PASSWORD is already executing.
echo
else
STREAM PASSWJOB
endif
elseif _option = "STOP" then
if executing then
file pg=gxpswrdx.pub.sys,old;gmulti;lock;shr
echo STOP | !hptimef > *pg
reset pg
else
echo
echo Warning: PASSWORD is NOT running, nothing to stop.
echo
endif
endif
endif
deletevar _option
End Cut <====
|