Adopted Authority

Tags:
RPG
Security
I am extremely new to RPG so I am looking for a simple code that uses adopted authority of SECOFR to an operator temporarily simply to enable users. I know that it can be done, but I would like to know the structure of it from an RPG standpoint. Thanks in advance.
ASKED: March 23, 2005  2:00 PM
UPDATED: October 20, 2009  6:41 AM

Answer Wiki


After you compile the program with run as *OWNER authority, change the owner to a profile with SECOFR.

================================================================

Place this into a CLLE source member:
<pre>
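PGM

/* ??USRPRF() prompts the caller for the profile to reset. */
/* A command continued over several lines needs a trailing + */
CHGUSRPRF ??USRPRF() +
          PASSWORD(exppwd) +
          PWDEXP(*YES) +
          STATUS(*ENABLED)

RETURN
ENDPGM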
</pre>

Compile with:
<pre>
CRTBNDCL PGM( mylib/mypgm )
SRCFILE( mylib/QCLLESRC )
SRCMBR( mypgm )
USRPRF(*OWNER)
</pre>
Grant *PUBLIC *EXCLUDE authority. Grant *USE authority to any profiles you want to run the program.
<pre>
CHGOBJOWN OBJ( mylib/mypgm )
OBJTYPE(*PGM)
NEWOWN(QSECOFR)
</pre>
That will set the owner.

When the program is called, it will prompt to enter the profile being reset. It will then set the password to EXPPWD (or whatever you choose to put there). The password will be expired and the profile will be enabled. When the user signs on, he/she will have to set the temporary expired password to a valid password.

Tom
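
A variant of the program in the answer above that takes the profile name as a parameter instead of prompting, and refuses targets that are IBM-supplied or carry elevated authority, so the adopted authority only ever applies to ordinary user profiles. This is an added example, not code from the thread; the policy checks, the QHST log entry and the reuse of the EXPPWD placeholder are assumptions.

```cl
/* Added example: compile with USRPRF(*OWNER) as described in the answer. */
PGM        PARM(&TARGET)
  DCL      VAR(&TARGET) TYPE(*CHAR) LEN(10)
  DCL      VAR(&CALLER) TYPE(*CHAR) LEN(10)
  DCL      VAR(&USRCLS) TYPE(*CHAR) LEN(10)
  DCL      VAR(&SPCAUT) TYPE(*CHAR) LEN(100)
  DCL      VAR(&REASON) TYPE(*CHAR) LEN(40)

  /* Adoption does not change the job's current user: this is the operator */
  RTVJOBA  CURUSER(&CALLER)

  /* Look the target up before changing anything */
  RTVUSRPRF USRPRF(&TARGET) USRCLS(&USRCLS) SPCAUT(&SPCAUT)
  MONMSG   MSGID(CPF0000) EXEC(DO)
    CHGVAR VAR(&REASON) VALUE('was not found')
    GOTO   CMDLBL(REJECT)
  ENDDO

  /* Assumed policy: never touch IBM-supplied (Q*) profiles */
  IF       COND(%SST(&TARGET 1 1) *EQ 'Q') THEN(DO)
    CHGVAR VAR(&REASON) VALUE('is an IBM-supplied profile')
    GOTO   CMDLBL(REJECT)
  ENDDO

  /* Assumed policy: only class *USER with no special authorities */
  IF       COND((&USRCLS *NE '*USER') *OR (&SPCAUT *NE '*NONE')) THEN(DO)
    CHGVAR VAR(&REASON) VALUE('has elevated authority')
    GOTO   CMDLBL(REJECT)
  ENDDO

  CHGUSRPRF USRPRF(&TARGET) PASSWORD(EXPPWD) PWDEXP(*YES) STATUS(*ENABLED)
  MONMSG   MSGID(CPF0000) EXEC(DO)
    CHGVAR VAR(&REASON) VALUE('could not be changed')
    GOTO   CMDLBL(REJECT)
  ENDDO

  /* Record who reset whom in the history log */
  SNDPGMMSG MSG('Profile' *BCAT &TARGET *BCAT 'reset by' *BCAT &CALLER) +
             TOMSGQ(QSYS/QHST)
  RETURN

REJECT:
  /* Fail with an escape message so the caller sees why nothing changed */
  SNDPGMMSG MSGID(CPF9898) MSGF(QSYS/QCPFMSG) +
             MSGDTA('Profile' *BCAT &TARGET *BCAT &REASON) MSGTYPE(*ESCAPE)
ENDPGM
```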

Discuss This Question: 4  Replies

 
  • Kholder
    Adopted authority is very simple. Make sure the PGM is owned by the profile whose authority you wish to adopt. Make sure *PUBLIC is EXCLUDE from the PGM object and the user profile(s) that will call the PGM have *USE authority.
    <pre>
    CHGOBJOWN OBJ(PGMLIB/MYRPGPGM) OBJTYPE(*PGM) NEWOWN(QSECOFR)
    </pre>
    Then CHGPGM to use *OWNER:
    <pre>
    CHGPGM PGM(PGMLIB/MYRPGPGM) USRPRF(*OWNER)
    </pre>
    Not sure you should choose QSECOFR. You might want to set up a user profile that has special authority SECADM and use it instead of QSECOFR. Also turn on auditing for that profile.
    o Security administrator authority (*SECADM) to users who need to create, change, or delete user profiles.
  • TheQuigs
    Here's a link to an article by Wayne O. Evans on how to securely do exactly what you want: http://www.itjungle.com/fhg/fhg081804-story02.html Wayne Evans is widely recognized as one of (if not the) foremost experts on OS/400 security.
  • Nevster
    From what I understand of your question it seems you want someone to be able to set up and maintain user profiles, passwords, etc. The operator's profile needs special authority of *SECADM to deal with users although they won't be able to see any profiles created at *SECOFR level.