![]() |
Telelogic DOORS (steve huntington) | ![]() |
new topic :
profile :
search :
help :
dashboard :
calendar :
home
|
||
Latest News:
|
|
Topic Title: Is there a way to reset a user password through API or DXL Topic Summary: Created On: 12-Sep-2007 20:58 Status: Post and Reply |
Linear : Threading : Single : Branch |
![]() |
![]()
|
![]() |
|
Does anyone know how to change user passwords by using a script. Is there an API or a DXL function which can be used to do that? |
|
![]() |
|
![]() |
|
I haven't tested the below, but it should work:
------------------------- Kevin Murphy http://www.baselinesinc.com The Requirements Management Experts |
|
![]() |
|
![]() |
|
I have a request to provide DXL that will reset passwords for all users, make the password expiration 180 days, and with a minimum length of 8 characters. No problem -- all of these can be done using the setUser perm. The catch is that they also want it to require the users to re-define their password the next time they log in, so that only they know their ultimate password. I've tried some things (like setting the min. pw length to 8 chars w/ initial pw null) but so far no dice. Any ideas? (That DB is still at 7.1.)
Tom in WA |
|
![]() |
|
![]() |
|
I have a request to provide DXL that will reset passwords for all users, make the password expiration 180 days, and with a minimum length of 8 characters. No problem -- all of these can be done using the setUser perm. The catch is that they also want it to require the users to re-define their password the next time they log in, so that only they know their ultimate password. I've tried some things (like setting the min. pw length to 8 chars w/ initial pw null) but so far no dice. Any ideas? (That DB is still at 7.1.) Tom in WA You could do a database wide trigger that fires whenever they open any module, checks if their password is blank, and if so, pops up a dialog box telling them to enter a new one. There's a few other threads detailing how to hide the input like a password dialog does. Short of that you'd have to install a startup file on every client to do this check. ------------------------- David Pechacek AAI Services Textron dpechacek@sc-aaicorp.com David.Pechacek@gmail.com |
|
![]() |
|
![]() |
|
Thanks David. I had not considered a trigger or a startup script -- that's some good outside-the-box thinking. However, my customer has agreed to drop the immediate-password-reset DXL requirement and will just tell the users to change their password the next time they log in to "something only they know." (This is all about their DB changing its Login Policy from "Use system usernames" to "Use passwords," as you may have guessed.)
Tom in WA |
|
![]() |
|
![]() |
|
Hi Thomas,
I think it's a wise move that your customer has decided to drop the "immediate-password-reset DXL requirement ". You have to question just exactly what advantage does this give? developing a DXL script that may raise unwanted unforseen side effects and overheads for no major advantage ought to be questioned. Users have to login to a network domain first before they can login to DOORS. Given that this first layer of security is where the imposition of login policies such as enforced password reset periods and inactivity lock-out periods are usually introduced, it raises the question, what is the advantage of imposing a password reset policy on DOORS? If this was a native feature of DOORS - maybe OK - but it's not. An alternative is to use the LDAP binding features of DOORS to hook into your networks existing user, groups and authentication LDAP server e.g. Windows Active Directory Server. This will synchronise DOORS login accounts with a users network login account and by virtue will enforce whatever password reset policy has been defined in that LDAP server. ------------------------- Paul Miller Specification Practices Specialist EuroCyber Melbourne, Australia Mobile: + 61 (0) 418 135 103 http://www.eurocyber.biz |
|
![]() |
|
![]() |
|
Thomas,
I have the same issue with forcing the user to change password on the next login attempt after DB admin reset. I reported this as an issue to Telelogic (Case 7025704), and they said, "This behavior has changed in the latest version of DOORS 8.3 such that if the Admin leaves the password for a user as blank or something that doesn't meet the DB password rules, the user is prompted to change the password when they attempt to login." This is NOT how it works in DOORS 8.1. If I change the password to blank, the user can keep using a blank password, which violates all of the rules I have setup in the db properties (minimum characters, letter/numbers/symbols, etc) I have yet to confirm that it works this way in DOORS 8.3, and will add that to my testing prior to rollout. Cheers! Jay ------------------------- Jay C Walker Abbott Diagnostics Division Irving, TX 75018 |
|
![]() |
|
![]() |
|
Wht not set the user's password to something really long and tedious to type.
They are sure to change it straight away. ------------------------- Tony Goodman Smart DXL limited www.smartdxl.com |
|
![]() |
|
![]() |
|
I like Tony's idea..Throw them a password that is just painful...something like this.
![]() |
|
![]() |
FuseTalk Standard Edition v3.2 - © 1999-2009 FuseTalk Inc. All rights reserved.