BW Client and System Login problem [Archive]

bkerim

6th September 2007, 10:27

Hello,

I faced a very serious problem at my customer.
They were disabling Baan User Logins by setting the 'System Login' field to an non existent login name, such as 'inactive'. It has been working fine in C3 and C4 for years. But recently it was noticed that inactive users were able to login in some cases.
After an investigation it turned out that the problem exists with BW client version B40c.84. With previous version clients like B40c.84, B40c.70 or B40c.66 it works fine, users are disabled.

Bad thing is that it is hard to control the BW client versions installed on user's PCs. And users can break the security policy.

Did anybody experience such problem?
Any suggestions will be very valuable.

Thank you.

Bilgin Kerim

Baan Tools Consultant

jp.aalders

6th September 2007, 10:52

You can't expect that the method used should always work fine as it was not designed for this purpose.

If your customer is on Unix you could set the permissions of the u<user> files in the directory $BSE/lib/user to 000, in that case the user has no read/write/execute permission on his userfile and is not able to login. Another option you could try is the begin/end time (03:00 - 03:01) f.i.

kaukul

6th September 2007, 11:55

Hello,

I faced a very serious problem at my customer.
They were disabling Baan User Logins by setting the 'System Login' field to an non existent login name, such as 'inactive'.

Hi,
I think you were not converting data to run-time after changing "system login". Also, users have to log out to experience this issue of unable to login.

Regards,
Kaustubh

jclju1

6th September 2007, 12:25

I tested what bkerim wrote and it is true. I changed system login to non-existing user (application messaged that user doesn't exist), convert to runtime, log out and log on again. I was checking file $BSE/lib/user/u<user>, line Unixuser changed but bshell process on Unix server belongs to old Unix user.

Regards.

kaukul

6th September 2007, 12:42

I tested what bkerim wrote and it is true. I changed system login to non-existing user (application messaged that user doesn't exist), convert to runtime, log out and log on again. I was checking file $BSE/lib/user/u<user>, line Unixuser changed but bshell process on Unix server belongs to old Unix user.

Regards.

OK..:(
We have 86 and it works fine here. What BW version do you have jclju1?

jclju1

6th September 2007, 13:41

Same as Kerim, B40c.84. I am sure that newer bw client will solve problem, but I am wondering, how is it possible.

bkerim

6th September 2007, 23:33

Thank you for the replies and suggestions.

For sure I have several options to resolve the issue from Unix or Login Time limitations, but I wanted just to share this experience and confirm that it is true. Thank you jclju1.

I believe it should not happen. Some user, somehow might have that client version B40c.84, and might break the system security.

Thank you and regards

Bilgin