Skip to main content  
        iSeries home   |   Easy400  
Public-Source
 
 Introduction
 
 Terminal operation
 Browser operation
 
 Download
 
 
Password Reset Utility - Browser operation
 

This page is related to a scenario where users

  • connect to the IBMi box via HTTP server and WEB browser
  • and their access is validated through the host IBMi user profile system.

Summary

  1. Also in this case, the security administrator of the IBMi must have launched a batch job to serve password change requests made by the users. The batch job is launched with command PWDRESET/PWDSERVE, as explained in the previous page.
  2. A special WEB page may be used by the security administrator to reset the password of an user profile
  3. Another WEB page is available to the users for changing their user profiles passwords.

Requirements

  1. The HTTP instance must be added the following directives:
    #---- PWDRESET --------------------------------------------------------
    ScriptAliasMatch /pwdresetp/(.*)  /qsys.lib/pwdreset.lib/$1
    ScriptAliasMatch /xresetpwd(.*)   /qsys.lib/pwdreset.lib/resetpwd.pgm
    ScriptAliasMatch /xchgpwd(.*)     /qsys.lib/pwdreset.lib/chgpwd.pgm
    Alias /pwdreset/ /pwdreset/
    <Directory /pwdreset>
       Options None
       order allow,deny
       allow from all
    </Directory>
    <Directory /qsys.lib/pwdreset.lib>
       AllowOverride None
       order allow,deny
       allow from all
       Options -ExecCGI
       CGIConvMode %%EBCDIC/EBCDIC%%
    </Directory>       
    <LocationMatch (^/pwdresetp/(.*)$|^/xresetpwd(.*)$|^/xchgpwd(.*)$)>
      AuthType Basic
        AuthName "PWDRESET utility"
        PasswdFile %%SYSTEM%%
        UserID %%CLIENT%%
        Require valid-user
     </LocationMatch>
    
  2. Availability of the MMAIL utility can be very useful for communicating new passwords to remote users.

Resetting user profile password

Instead of entering command PWDRESET/PWDRESET from a 5250 terminal, from your WEB browser you may invoke the URL
http://tcp_address:port_number/xresetpwd    .
You will be asked to specify user_name/password. Enter the name of a class *SECADM user profile and its password.
You will receive the following screen:

Figure 3 - Reset user profile password
You specify
  • the name of the user profile to be reset
  • the number of characters of the new password
  • and optionally the e-mail address of the user using this user profile.
When you press the "go" button,
  • A new OTP (One Time Password) password is computed.
  • The user profile password is changed with this password.
  • The initial program of the user profile is changed to an utility program that will ask for a new user password at the first Sign On of this user profile.
  • If an e-mail address is specified and command MMAIL/EMLPTUMSG is available, a mail message containing the new OTP password is e-mailed to this address, otherwise the new password will be displayed on the screen in Figure 4:
    Figure 4 - User profile password was reset


    User action after password reset

    If the user signs on (with the renewed OTP password) from a 5250 terminal, he is asked to provide a new password, as explained in the previous page.
    Alternatively, the user may provide his new password by invoking from his WEB browser the URL
    http://tcp_address:port_number/xchgpwd    .
    He will be asked to specify user_name/password and he will enter his user profile name and the current password, the one generated by the security administrator.
    He will then receive the following screen:
    Figure 5 - User asked to change his password
    He will enter:
    • Again the current password, the one generated by the security administrator.
    • His new password.
    • His new password for verification
    and update, if needed, his e-mail address.
    When the "go" button is pressed, he will receive the screen in Figure 6:
    Figure 6 - User changed his password
    Worth to be noted that an user can change his user profile password at any time by invoking the URL http://.../xchgpwd .



    previous page