How to reset the password??

pts.
Tags:
AS/400
Backup & recovery
CLP
RPG
RPGLE
Security
Hi, How to reset the password through a CL program. The user has forgotten his password, even ADMIN doesn't know the password. Thanks, Rama krishna

Answer Wiki

Thanks. We'll let you know when a new response is added.

Your admin shuold not know your user’s password as it is good practice to mark the initial password as expired when the user profile is created.

Your admin (or somebody with *SECADM special authority) should run the command:

CHGUSRPRF USER(users_id) PASSWORD(temp_pwd) PWDEXP(*YES)

The temp_pwd can be anything, for example the day of the week, etc. Specifying PWDEXP(*YES) will flag the password as expired and the user will then have to change it as soon as they sign-on.

Doing it this way ensures that the admin is not aware of the user’s password and adds a level of security to the system.

Hope it helps

Jonathan

=====================================================

The CHGUSRPRF command can be in a compiled CL program. (The command should include the STATUS(*ENABLED) parameter value.) The program can be compiled with USRPRF(*OWNER) as an attribute and then be owned by a powerful profile. The *PUBLIC can be granted *USE authority to the program.

With that program, any user could call it to reset to reset their own password — if they could get signed on to call the program!

Now, the program could first run RTVJOBA to retrieve the name of the user running the program and issue a prompt for the user profile to reset. The program would send a message to an adminstrator’s message queue to log who was resetting whose password. It should also use RTVUSRPRF against the user profile being reset to ensure that only *DISABLED profiles were being reset; the program should send an administrative message and end otherwise.

That makes it easy for users to help each other.

Further, there could be a RESET profile that anybody could sign on to with this program as the initial program and *SIGNOFF as the initial menu. That would make a fairly easy do-it-yourself function, but it would make it very difficult to know who ran the the program. If desired, the program could issue one or more ‘challenge/response’ questions to help identify a user.

Lots of possibilities — it’s definitely best to have a trusted and identified second user involved (and to log the action in a secure fashion). Authority to use the program might be granted to a group of managers and/or supervisors.

Tom

Discuss This Question: 5  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Dollar
    IS it possible to change the password using guest account????
    125 pointsBadges:
    report
  • jinteik
    what do you mean by guest account?
    17,370 pointsBadges:
    report
  • Dollar
    means to say if there is two account one is administrator and other is guest then i only access to the guest account o don't know the password of admin. then is it possible to change the password of administrator ?????
    125 pointsBadges:
    report
  • graybeard52
    The System i doesn't have an "adminstrator" or "guest" account. But if someone set it up two accounts that way, the answer is no. If you do not have security admin rights, you can only change your own password.
    3,115 pointsBadges:
    report
  • TomLiotta
    ...i only access to the guest account o don’t know the password of admin. then is it possible to change the password of administrator ????? Yes. Just as I described in the 'answer' above -- the "guest" account would be granted authority (permission) to use the program that did the password change. The program is created to run under the authority of its owner, and the owner is a profile that has enough authority to change passwords. In your case, the owner might be "admin". The program should be written so that it only does one thing, e.g., resets the password for some profile. It should also log every time it is called and what it did. Easiest way to log is simply to use SNDMSG to a secured message queue. Tom
    125,585 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following