I think that sending a password to a known email address associated with
the user profile might be a good thing, especially if the user initiates the
password reset request. If someone is trying to hack a user profile, and
requests the password reset, the actual user will be notified, and can
contact a person about the issue.

I also think that the design would be such that if _I_ disable a user
profile for a reason, then any request for a new password would be denied with
notification to a security person for review.

Jim

On Wed, Jun 17, 2009 at 12:32 PM, Ingvaldson, Scott <
scott.ingvaldson@xxxxxxxxxx> wrote:

Many of these things are possible, but are they really advisable? When
someone's profile gets disabled don't you want "someone" to look at it
rather than have it automatically get re-enabled and a new password sent
to an address that may or may not be compromised? That's why QMAXSIGN
exists in the first place. That's why we don't set it to *NOMAX and let
hackers hammer away all day.

I did have another admin ask me once if I could help him write something
that would automatically reset profiles before the users had to call the
help desk. I think I talked him out of the idea.

PCI requirement 8.5.2 is: Verify user identity before performing
password resets. That pretty much makes automatic password resets
verboten. Like John and Rob said, better to get a commercial
application to do this and take the risk and guesswork out of the
process.

Regards,

Scott Ingvaldson
Senior IBM Support Specialist
Midwest Region Data Center
Fiserv.


-----Original Message-----
From: BMay@xxxxxxxxx [mailto:BMay@xxxxxxxxx]
Sent: Wednesday, June 17, 2009 12:12 PM
To: Midrange Systems Technical Discussion
Subject: Re: AS400 Automatic Sending of New Password?

I don't think they would necessarily need to retrieve the existing
password. I think they could get by with an exit point program that
would generate a new password and set it using CHGUSRPRF and then email
this new password to the user.

Brian May
Project Lead
Management Information Systems
Garan, Incorporated
Starkville, Mississippi

Young i Professionals
http://www.youngiprofessionals.com



Rich Loeber <rich@xxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
06/17/2009 12:08 PM
Please respond to
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


To
Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc

Subject
Re: AS400 Automatic Sending of New Password?






Frank,

I don't think this is going to be possible since the passwords on the
iSeries are encrypted and cannot be programmatically retrieved. You'd
have to be able to access the password from a program on the iSeries,
and that is just not possible.

Rich Loeber - @richloeber
Kisco Information Systems
[1]http://www.kisco.com


--------------------------------------------------------------------------

[2]fbocch2595@xxxxxxx wrote:

Hi Folks, you know when you're trying to sign in or log in to a web site
but you forget your password and after a few tries you have to click on
the "forgot your password" button and you're emailed a new password?
Can that be done with the AS400/iSeries?

Any thoughts on how it could be done with minimal programming?

Has anyone out there tried that?

Right now when a user calls the help desk the help desk issues a
new password but we want to eliminate that call (and probably the help
desk too).

As always, any help appreciated.

Thanks, Frank


References

Visible links
1. http://www.kisco.com/
2. mailto:fbocch2595@xxxxxxx
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


