So I was wondering if anyone knows if DOORs records not only the date a user last changed their password but also if it includes the time as well. I know about going into individual users accounts and the security tab to see the date it was changed, but is it possible for a dxl script like this User u = find() Date LastChange = u.passwordLastChange Date init = dateAndTime(LastChange) string strName strName=u.name print strName "\t" stringOf(LastChange) "\t" init "" to somehow also include the exact time it was changed? As of right now the only information I get is: USERNAME Tuesday, November 15, 2016 11/15/16 00:00:00 and it only ever shows 00:00:00 MrNiceGuy - Mon Feb 06 17:13:57 EST 2017 |
Re: Users Password Last Changed question I just checked inside the DB files. It seems the Date is not stored with a time inside the user file, so you might be out of luck. Inside the password history files, you have a timestamp, but I am not sure you can access them with DXL.
Maybe that helps, regards, Mathias |
Re: Users Password Last Changed question Mathias Mamsch - Wed Feb 08 04:10:04 EST 2017 I just checked inside the DB files. It seems the Date is not stored with a time inside the user file, so you might be out of luck. Inside the password history files, you have a timestamp, but I am not sure you can access them with DXL.
Maybe that helps, regards, Mathias Well that's unfortunate, you would think that a DDBA would have some way to tell if a user has changed their password or a variable that would contain this data. As of right now when a user requests a password reset we have no way of telling if they change their password after they get access again. But thanks for the reply Mathias helps a lot. |
Re: Users Password Last Changed question MrNiceGuy - Wed Feb 08 11:32:45 EST 2017 Well that's unfortunate, you would think that a DDBA would have some way to tell if a user has changed their password or a variable that would contain this data. As of right now when a user requests a password reset we have no way of telling if they change their password after they get access again. But thanks for the reply Mathias helps a lot. Sorry - this does not seem to work -
|
Re: Users Password Last Changed question Mathias Mamsch - Wed Feb 08 13:35:56 EST 2017 Sorry - this does not seem to work -
oh wow I had no idea, thanks a ton for that Mathias. This will definitely help |
Re: Users Password Last Changed question Mathias Mamsch - Wed Feb 08 13:35:56 EST 2017 Sorry - this does not seem to work -
This is new to me, the DXL reference states that the password property is "write-only". Trying it out on my DOORS 9.6.0.3 nothing was output from the password properties - has this functionality been modified in later versions? |
Re: Users Password Last Changed question PekkaMakinen - Thu Feb 09 01:29:13 EST 2017 This is new to me, the DXL reference states that the password property is "write-only". Trying it out on my DOORS 9.6.0.3 nothing was output from the password properties - has this functionality been modified in later versions? Did you try as "Administrator"? I think this only works for that user. Regards, Mathias |
Re: Users Password Last Changed question Mathias Mamsch - Thu Feb 09 03:36:35 EST 2017 Did you try as "Administrator"? I think this only works for that user. Regards, Mathias Yes, did run as Administrator. No success. |
Re: Users Password Last Changed question PekkaMakinen - Thu Feb 09 04:03:54 EST 2017 Yes, did run as Administrator. No success. Weird. Then I think it might have been a mistake by me... I tried this on an old database. The first time I ran this code I got also nothing, then I changed the password over the GUI, run the code again and got a result. I thought the user did not have a password before - but I think I only got a hash, because I set the password earlier and it was still in the user record. Can you verify, that changing the password over the GUI will have the code work (once) for you too? Regards, Mathias |
Re: Users Password Last Changed question MrNiceGuy - Wed Feb 08 11:32:45 EST 2017 Well that's unfortunate, you would think that a DDBA would have some way to tell if a user has changed their password or a variable that would contain this data. As of right now when a user requests a password reset we have no way of telling if they change their password after they get access again. But thanks for the reply Mathias helps a lot. Coming back to your original problem - I know people have made their password reset scripts so, that the user is forced to change his password. Would this not solve the issue? Regards, Mathias |
Re: Users Password Last Changed question Mathias Mamsch - Thu Feb 09 04:15:23 EST 2017 Weird. Then I think it might have been a mistake by me... I tried this on an old database. The first time I ran this code I got also nothing, then I changed the password over the GUI, run the code again and got a result. I thought the user did not have a password before - but I think I only got a hash, because I set the password earlier and it was still in the user record. Can you verify, that changing the password over the GUI will have the code work (once) for you too? Regards, Mathias Hi, running with my own Database Manager account I could get it to print my own password hash. As Administrator it did print out hash for one of our accounts used for DOORS backup (don't know why) but nothing else. When as Administrator I changed the password to my own account, it did print the hash for my password - but when I closed DOORS and reopened an Administrator session it did not print this anymore.
So: as a normal user (which is in the userList) you can print out your own password hash. As Administrator (which is not in the userList) you can print out those password hashes changed in the same session - but these values are not available in later Administrator sessions. And this tested in 32 bit 9.6.0.3. |
Re: Users Password Last Changed question Mathias Mamsch - Thu Feb 09 04:22:06 EST 2017 Coming back to your original problem - I know people have made their password reset scripts so, that the user is forced to change his password. Would this not solve the issue? Regards, Mathias Yea it would but everything I've read suggest that DOORS only forces a user to reset their password when they first log onto their account for the very first time. So there is a way to force someone to reset their password after its reset? |
Re: Users Password Last Changed question PekkaMakinen - Thu Feb 09 04:34:17 EST 2017 Hi, running with my own Database Manager account I could get it to print my own password hash. As Administrator it did print out hash for one of our accounts used for DOORS backup (don't know why) but nothing else. When as Administrator I changed the password to my own account, it did print the hash for my password - but when I closed DOORS and reopened an Administrator session it did not print this anymore.
So: as a normal user (which is in the userList) you can print out your own password hash. As Administrator (which is not in the userList) you can print out those password hashes changed in the same session - but these values are not available in later Administrator sessions. And this tested in 32 bit 9.6.0.3. So this is how I have it to work so far, im still tinkering with it but so far this has worked.
User user
bool DisAccnt = false
int i = 1
for user in userList do
{
DisAccnt = user.disabled
if (DisAccnt == false)
{
string strName
strName = user.name
string UserEmail = user.email
string SysName = user.systemLoginName
string HashPW = user.password
print "\t" strName "\t" UserEmail "\t" SysName "\t" HashPW "\n"
i = i + 1
}
}
I do it like this so that I am only getting the Hashed PW of accounts that are not disabled.
Again im still tinkering with it and trying to come up with something that is more efficient but this works so far how ive wanted it But if Mathias knows of a way to force a user to reset their password similar to when a new user logs on the first time, that would make things so much easier |
Re: Users Password Last Changed question PekkaMakinen - Thu Feb 09 04:34:17 EST 2017 Hi, running with my own Database Manager account I could get it to print my own password hash. As Administrator it did print out hash for one of our accounts used for DOORS backup (don't know why) but nothing else. When as Administrator I changed the password to my own account, it did print the hash for my password - but when I closed DOORS and reopened an Administrator session it did not print this anymore.
So: as a normal user (which is in the userList) you can print out your own password hash. As Administrator (which is not in the userList) you can print out those password hashes changed in the same session - but these values are not available in later Administrator sessions. And this tested in 32 bit 9.6.0.3. Also I know what you are talking about, how it wont show the hashed PW when you search for someone, I had the same issue when I first tried it. But I think what needs to happen before you search is you have to I guess que the user list first. (If that makes sense) If I run the default script Mathias provided I get the same issue where it wont show anything, but if I run my script first, (above) afterwards I am able to search for individual users without any issues. |
Re: Users Password Last Changed question MrNiceGuy - Thu Feb 09 11:31:15 EST 2017 Also I know what you are talking about, how it wont show the hashed PW when you search for someone, I had the same issue when I first tried it. But I think what needs to happen before you search is you have to I guess que the user list first. (If that makes sense) If I run the default script Mathias provided I get the same issue where it wont show anything, but if I run my script first, (above) afterwards I am able to search for individual users without any issues. Yes, something interesting is happening. When I now run your code, I can get the password hashes - but with simpler code which I wrote User u
for u in userList do I cannot access the password hashes. But it works if I add loadUserRecord(u) to the loop, so the additional queries you had (user name etc.) performed that. BTW this works even with my Database Manager account, no need for Adminstrator
|
Re: Users Password Last Changed question MrNiceGuy - Thu Feb 09 11:22:33 EST 2017 So this is how I have it to work so far, im still tinkering with it but so far this has worked.
User user
bool DisAccnt = false
int i = 1
for user in userList do
{
DisAccnt = user.disabled
if (DisAccnt == false)
{
string strName
strName = user.name
string UserEmail = user.email
string SysName = user.systemLoginName
string HashPW = user.password
print "\t" strName "\t" UserEmail "\t" SysName "\t" HashPW "\n"
i = i + 1
}
}
I do it like this so that I am only getting the Hashed PW of accounts that are not disabled.
Again im still tinkering with it and trying to come up with something that is more efficient but this works so far how ive wanted it But if Mathias knows of a way to force a user to reset their password similar to when a new user logs on the first time, that would make things so much easier Did you try resetting user passwords like this:
u = find("testuser")
u.password = "test1"
u.passwordLifetime = -1
saveDirectory()
This forces me to change the password on login. Combined with the Database Setting "Passwords before the same password can be used again" this could be a solution! Regards, Mathias |
Re: Users Password Last Changed question Hello Mathias et al...
This is a subject that I have kept an eye on for years and really though we had a winner...but this forces the user to change their password on every login until the lifetime is set to a positive number...so close yet so far... |
Re: Users Password Last Changed question Bill_B. - Thu Feb 16 14:13:38 EST 2017 Hello Mathias et al...
This is a subject that I have kept an eye on for years and really though we had a winner...but this forces the user to change their password on every login until the lifetime is set to a positive number...so close yet so far... So what I do with this script is I reset the users password and set the expiration date to -1 While im on the phone with them and after they login and reset their own password I then run the same script again but without the password change and i set u.passwordLiftime = 90
|