What tools do people use to force Baan users to periodically change their passwords?

We have tried to use a product called DISUS but couldn't get it to work properly.

Our Baan environment is :-

IVc4, HPUX11 and Oracle 8.0.5

Thanks

PJ

There's a HP-UX tool called PWage to enable password aging but obviously it also works with the standard UNIX password aging. If you are looking for a total solution that integrates UNIX-Oracle-Baan, you can have a look at ESI Password. It would allow you to manage all user passwords from within Baan:

http://www.esiworld.com

Never tried it myself but the product brochure looks promising :)

Thanks Pat,

Their web site didn't mention the ESI Password product but I've sent them an email

Cheers

PJ

PJ,

You're welcome. I hope they have not discontinued the product. The last time I received about the product was a good year ago. :eek:

I have a client in the exact same config as what you described and they have successfully used the Disus product for password aging. This has worked for both NIS and standard UNIX password controls.

If you have any questions please let me know.

I was just at Baan World Users in Orlando and ESI had NO presence there.

Maybe ESI is stepping away from Baan. Jim, would you care to put up a thread with your impressions of Baan World Users?

I think you can use the baan sessions,

ttstppwchange and ttstppwdaging

The session ttstppwchange does not work on our AS/400. Is this session working for someone here?

Well, both the sessions are not working for us. so you have we have to give the user the ksh or shell access that they can change their passwords

We logged a bug with BaaN, hope they can fix it soon!

ls.,


in
"> Quick Support: Functional & Technical > Tools Administration & Installation > Password Expiration Notification"
I explain how to setup pwdaging in BaanVb en Vc.

http://www.baanforums.com/baanboard/showthread.php?s=&threadid=524

solong

HenryT

Disus (the name of the firm that I work for) has some software that addresses UNIX password aging with Baan. I can assure everyone that it does work (we have this installed at about 20-30 sites including Nortel worldwide). It supports Baan IV and V, UNIX and NT. Here is a very quick overview of how we implemented the password expiry warning for Baan and UNIX:

1) as part of the bshell bootstrap we invoke a custom object -- this object is started before the bshell does anything else such as display a desktop or menu

(this is not started via ipc_info or bms_mask due to various problems with these approaches, such as having to run a bshell twice, once for the warning and then again for the user's real startup, and such as being able to ignore the warning if started from bms_mask, etc)

This object is started as it is named in each users configuration file ($BSE/lib/user/u<username>) as the startup object ("startprogram_gui"). The user configuration file entry is done automatically via a custom tools object that we supply so that this does not have to be done manually (can be done manually if you're so inclined).

2) this object activates a UNIX utility program ("get_user_expiry") that we wrote that is very platform specific (each UNIX vendor has a differenct password aging implementation -- some require C2 security, some don't, etc). This utility returns to the object the number of days that are left before a user's password will expire.

3) if the user's password will expire within a certain threshold, the object informs the user and guides the user through a password change

4) after a successful or unsuccesful (3 trys) password change, the object will activate the user's usual startup desktop or menu.

For those of you that are looking for "standard" software to do this (it also implements idle logout, and concurrent login limit, auto logout, etc), here is the link to our website with a brief description:

http://www.disus.com/license_monitor/index.html

For those of you that want to "roll your own" solution and have the appropriate knowledge, I would happy to supply the "get_user_expiry" source or binaries for HP, Sun, IBM or Compaq. You can wire this into bms_mask, ipc_info, startup sessions, lib/user, -- whatever suits you.

Chris.

I've worked in Nortel Networks and using DISUS. It's great tools for the administrator ....
Nice job !