Author Topic: Users's rules with ARSUSEC  (Read 2592 times)

zancanaro

  • Guest
Users's rules with ARSUSEC
« on: December 23, 2016, 03:55:24 AM »
Hi all,
Next year, I'll need to secure our CMOD v.9.0 users with the CMOD Partition "System Parameters" with "disable Or Lock Out After Failed Logins" and other parameters.
Then, I'll probably need to use the ARSUSEC exit to avoid locking some of our users called by Internet.

Will it be possible to "declare" them in this ARSUSEC exit (along with other parameters like "Minimum Password Length" & so on)?

And, moreover, is it possible to obtain such an ARSUSEC, as a sample, from one of your partitions, please? This will be helpful.

Thanks a lot & Merry Christmas

Alessandro Perucchi

  • Global Moderator
Re: Users's rules with ARSUSEC
« Reply #1 on: January 19, 2017, 01:18:21 PM »
I don't have a sample of an arsusec, since every case is different, then every user exit is unique... or nearly unique! Sorry.


You need to understand that when a user logs in to CMOD, CMOD will first run the ARSUSEC, and depending on the answer of ARSUSEC, it will either:
- stop checking and deny the login
- stop checking and allow the login
- continue with its internal checking, and then according to its findings, allow/deny the access.


If you have some special users that you want to avoid locking out, then the only way to do it is to handle them first, and allow them access directly with the ARSUSEC.
And if the users are not the "special" case, then you let CMOD handle them, and do whatever CMOD wants to do according to the rules you have defined in the "System Parameters".
It also means that the ARSUSEC will need to check the validity of the password of your "special" users... and you cannot use the CMOD hash file, since there is no documentation on how to check the password like CMOD... so it means you need to develop your own way to handle the passwords in a separate table from the official ARSUSER table... meaning that you also need to handle the moment these "special" users want to change their password...

That would be a nice project... not that difficult, but not that trivial...

I hope that helps you a little bit to see what needs to be done, or not...

Regards,
Alessandro
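A model of the flow described in the reply above, added here as an example; it is not part of the original posts and is not IBM's ARSUSEC interface or sample code. All names (`Decision`, `SpecialUserStore`, `security_exit`), the PBKDF2 parameters and the choice to deny a special user with a wrong password instead of passing it on are assumptions, and the in-memory dictionary stands in for the separate table.

```python
import hashlib
import hmac
import os
from enum import Enum


class Decision(Enum):        # hypothetical names for the three outcomes in the reply
    DENY = "deny"            # stop checking and deny the login
    ALLOW = "allow"          # stop checking and allow the login
    CONTINUE = "continue"    # let CMOD run its internal checking and System Parameters


ITERATIONS = 100_000         # assumed PBKDF2 work factor


def _derive(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class SpecialUserStore:
    """Stand-in for a table, separate from ARSUSER, holding only the special users."""

    def __init__(self):
        self._rows = {}      # userid -> (salt, derived key); never the clear password

    def set_password(self, userid: str, password: str) -> None:
        salt = os.urandom(16)                 # fresh salt on every change
        self._rows[userid] = (salt, _derive(password, salt))

    def verify(self, userid: str, password: str):
        """Return None when the user is not special, otherwise True or False."""
        row = self._rows.get(userid)
        if row is None:
            return None
        salt, expected = row
        return hmac.compare_digest(_derive(password, salt), expected)

    def change_password(self, userid: str, old: str, new: str) -> bool:
        # The exit owns these credentials, so it must also own password changes.
        if self.verify(userid, old) is not True:
            return False
        self.set_password(userid, new)
        return True


def security_exit(store: SpecialUserStore, userid: str, password: str) -> Decision:
    """Handle special users first; everyone else falls through to CMOD."""
    result = store.verify(userid, password)
    if result is None:
        return Decision.CONTINUE
    return Decision.ALLOW if result else Decision.DENY
```

Because the special users never reach CMOD's failed-login counter in this model, any throttling or alerting on repeated `DENY` results for them has to be added in the exit itself.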