This program is built to have as little impact on users as possible. When a user first logs in under this system, it creates their user data file and sets their first expiry date to 90 days from then. Five days before the password is set to expire, they get a warning every time they log in, along with the option to change their password. After the five days, the user's account is locked and they are not allowed to log in until they change their password. Once they change their password, the system resets itself and they are given another 90 days.

NOTE: passage is for Unix and Linux only. If someone wants to take the cue and build it for Windows, more power to you.
Building passage is pretty straightforward:

    cc -O passage.c -o passage -lsec

-or-

    gcc -O passage.c -o passage -lsec

The -lsec is required if you are using a trusted or shadowed system.
----installing the binary----

1. Build the passage binary (see above).
2. As "root", create a directory called $BSE/security
3. As "root", change into the $BSE directory and run:

       chmod 700 security

4. Move the file you built above, "passage", to $BSE/scripts and run:

       chown root:bsp passage

5. Run the following command to "setuid root" the file. (This means that whenever this program is executed, it will "effectively" run as the user root.) This is necessary, since it allows the passage executable to read and write to the $BSE/security directory while nobody else can. It also enables the passage binary to work properly with NIS+/Trusted Unix/Shadow Passwords/etc.

   To setuid root:

       chmod 4750 passage

   It will look like this (note the "rws" instead of "rwx"):

       -rwsr-x--- 1 root bsp 67496 Jan 1 19:12 passage

   Mode 4750 also limits execution of the setuid binary to root and members of the bsp group.

----installing the session----

I've provided the source to the session so that you can add it to your own localized package and modify it to your needs. After creating the session in your Baan environment, activate it by following the directions below.

1. In Baan, run session ttadv4188m000 (Maintain BMS Mask Data).
2. Add the following entry:

       Mask: Your session name
       Session/Object: Your session name
       Automatical add mask: yes
       Boot: yes

   Once this info is in place, choose "Convert BMS Mask Data to runtime DD". Your session will now start up for every user.
3. This session uses 2 shell scripts to "lock-out" users if they do not change their password after it is expired. These are optional but a good idea to implement.
Once the user logs in, it will create a user file in the security/ directory. You can see this in the log.passage file.

The format is:

    < current date/time > < active/inactive >

current date/time == the number of seconds from Jan 1, 1970.
active/inactive: 1 = active, 0 = inactive/locked out

To test, just subtract 7516800 (87 days) from the value in the file. To test active/locked out, just flip the < active/inactive > from 1 to 0.
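Subtracting 7516800 seconds works as a test because it leaves 3 of the 90 days, which falls inside the five-day warning window. The script below is an added example, not part of passage: a read-only check that classifies a user file without modifying it. It assumes the file is a single line of "<epoch seconds> <1|0>" and that the 90 days are counted from that timestamp; the function name passage_state is hypothetical.

```sh
#!/bin/sh
# Added example (not part of passage): read-only check of a passage user file.
# Assumptions: the file is one line "<epoch seconds> <1|0>", and the 90-day
# lifetime is counted from that timestamp.

MAX_AGE_DAYS=90   # password lifetime from the description above
WARN_DAYS=5       # warning window from the description above
DAY=86400

# passage_state FILE [NOW]
# Prints one of: "ok N", "warning N", "expired", "locked", "malformed"
# (N = whole days left). NOW defaults to the current time; pass it to replay.
passage_state() {
    stamp='' flag='' rest=''
    now=${2:-$(date +%s)}
    # read fails on a missing file or a missing final newline; validate below.
    read -r stamp flag rest < "$1" || true
    # Reject empty, non-numeric or zero-padded timestamps (no octal surprises).
    case $stamp in ''|*[!0-9]*|0?*) echo malformed; return 2 ;; esac
    case $flag in 0|1) ;; *) echo malformed; return 2 ;; esac
    if [ -n "$rest" ]; then echo malformed; return 2; fi

    if [ "$flag" = 0 ]; then echo locked; return 0; fi
    secs=$(( stamp + MAX_AGE_DAYS * DAY - now ))
    if [ "$secs" -le 0 ]; then
        echo expired              # past due, but the flag is still 1
    elif [ "$secs" -le $(( WARN_DAYS * DAY )) ]; then
        echo "warning $(( secs / DAY ))"
    else
        echo "ok $(( secs / DAY ))"
    fi
}

# Usage: sh passage_state.sh FILE...   (run as root; security/ is mode 700)
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(passage_state "$f")"
done
```

A file reported as "expired" is past its 90 days but still flagged active, which is worth checking if the optional lock-out scripts are not installed.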
Logging takes place in $BSE/log/log.passage. For more logging, you can set PWDEBUG=1 in the environment -- this is very important for reporting bugs.