Friday, October 31, 2008

How to avoid passwords expiring in PeopleSoft

One of the more often customer requirements regarding security is to implement password expiration. PeopleSoft provides this functionality using the Password Controls component under:

PeopleTools > Security > Password Configuration > Password Controls

This component provides the alternative to enable or disable password expiration controls for all users. Now, what happens if we want a certain user's password to never expire?

There are plenty of situations where we might want this to happen, for instance:
  • The password for the user set in the Process Scheduler or Application Server configuration should not expire or otherwise the system may not work.
  • Same happens with if a user is set as a Guest in a Web Profile.
  • Also, you may want to disable password expiration for PTWEBSERVER, the user set by default to let the Web Server recover Web Profiles from PeopleSoft environment.
Unfortunately, PeopleSoft does not provide the ability of disabling password expiration for a given user. Good news are that it is quite easy to do by setting the last password change date to a future date using the following SQL sentence:

update PSOPRDEFN
set LASTPSWDCHANGE = '2050-01-01'
where OPRID in ('SOLICITANTE', 'PS', 'PTWEBSERVER')

10 comments:

Larry said...

I found the same blog in http://www.itwisesolutions.com , Is it the same site?

Javier Delgado said...

Thanks Larry for the information. It seems itwisesolutions is a site grouping multiple Blogs using RSS. I haven't posted this entry there, but I don't mind sharing its contents.

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

Good post and this fill someone in on helped me alot in my college assignement. Gratefulness you seeking your information.

ramprasath said...

To my understanding, there is one more way to avoid password Expiry for particular users

In the peoplecode of FUNCLIB_PWDCNTL adding the following customization in the function PASSWORD_CONTROLS

Function PASSWORD_CONTROLS ( );

/* START CUSTOMIZATION - this is a customization to exclude users from password controls */

If %SignonUserId = "" Or
%SignonUserId = "" Then
Exit(0);
End-If;

/* END CUSTOMIZATION */



where USER1 , USER2 are id whose password you don’t want to expire.

Javier Delgado said...

Hi Ramprasath

Thanks for your contribution.

I guess the intended code was:

(...)
If %SignonUserId = "USER1" Or
%SignonUserId = "USER2" Then
Exit(0);
End-If;
(...)

Although this approach works, it implies a customization in a PeopleTools object such as the FUNCLIB record you referred to. This is normally something you would like to avoid, as it could be affected by any PeopleTools update (which due to Oracle Security Alerts are quite common).

Again, as I said, it's a valid approach so in the end it's a matter of choosing the option you like the best.

Max Onlinetraining said...

Thanks for providing information on people soft admin
people-softadmin