PeopleTools > Security > Password Configuration > Password Controls
This component provides the alternative to enable or disable password expiration controls for all users. Now, what happens if we want a certain user's password to never expire?
There are plenty of situations where we might want this to happen, for instance:
- The password for the user set in the Process Scheduler or Application Server configuration should not expire or otherwise the system may not work.
- Same happens with if a user is set as a Guest in a Web Profile.
- Also, you may want to disable password expiration for PTWEBSERVER, the user set by default to let the Web Server recover Web Profiles from PeopleSoft environment.
update PSOPRDEFN
set LASTPSWDCHANGE = '2050-01-01'
where OPRID in ('SOLICITANTE', 'PS', 'PTWEBSERVER')
I found the same blog in http://www.itwisesolutions.com , Is it the same site?
ReplyDeleteThanks Larry for the information. It seems itwisesolutions is a site grouping multiple Blogs using RSS. I haven't posted this entry there, but I don't mind sharing its contents.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteThis comment has been removed by a blog administrator.
ReplyDeleteGood post and this fill someone in on helped me alot in my college assignement. Gratefulness you seeking your information.
ReplyDeleteTo my understanding, there is one more way to avoid password Expiry for particular users
ReplyDeleteIn the peoplecode of FUNCLIB_PWDCNTL adding the following customization in the function PASSWORD_CONTROLS
Function PASSWORD_CONTROLS ( );
/* START CUSTOMIZATION - this is a customization to exclude users from password controls */
If %SignonUserId = "" Or
%SignonUserId = "" Then
Exit(0);
End-If;
/* END CUSTOMIZATION */
where USER1 , USER2 are id whose password you don’t want to expire.
Hi Ramprasath
ReplyDeleteThanks for your contribution.
I guess the intended code was:
(...)
If %SignonUserId = "USER1" Or
%SignonUserId = "USER2" Then
Exit(0);
End-If;
(...)
Although this approach works, it implies a customization in a PeopleTools object such as the FUNCLIB record you referred to. This is normally something you would like to avoid, as it could be affected by any PeopleTools update (which due to Oracle Security Alerts are quite common).
Again, as I said, it's a valid approach so in the end it's a matter of choosing the option you like the best.
Thanks for providing information on people soft admin
ReplyDeletepeople-softadmin
This comment has been removed by the author.
ReplyDeleteHi Nikhil
ReplyDeleteYou could run the sentence for all users at once:
update PSOPRDEFN
set LASTPSWDCHANGE = '2050-01-01';
But probably at that point the best option would be to disable password expiration altogether. This can be done by PeopleTools Security configuration, in a page called Password Controls.
I hope this helps.
Thanks.
Hi Javier ,
ReplyDeleteThanks for the great info.
It would work for specific users alright . But, what if I want the passwords of all the users working on a specific PeopleSoft environment to never expire even after it is refreshed.Because the navigation in PIA and selecting the "Never Expires" tab would be set to default once the environment is refreshed I guess. Is there a way to do that using a SQL query which can be added to the post refresh script?
Looking forward to your inputs/idea.:)
Hi Nikhil
ReplyDeleteYes, you could use the following sentence:
update PSOPRDEFN
set LASTPSWDCHANGE = '2050-01-01';
I hope this helps!
Now that was a quick reply Javier.
ReplyDeleteMuch appreciated!
Amd I am pretty sure , it would work.
So just to confirm ,
By adding the sentence you mentioned in the post refresh script , it would disable the password expiration thing for all the users in that specific environment. Am I right?
Yes, until 2050 :-)
ReplyDeleteIf you have any issue let me know.
Cheers!
Thank you so much for your inputs.
ReplyDeleteWill try and let you know.
Good to have stumbled upon your blog! :)
Keep up the great work! :)
Hi Javier ,
ReplyDeleteThe query worked. :)
And is there a way to just update the "Never Expires" tab from the back end as it should serve the purpose as well.Just checked the pplcode for the password control page.There is a lot of dependency. Some changes may have to be made at the people code level too.Nothing can be done at the SQL level alone without those changes I think.
Is there a way to enable that radio button(Never Expires) without contradicting with the peoplecode?
Hi Nikhil
ReplyDeleteI think the following statement would work, but I cannot test it right now:
update PSPSWDRESTICT set PSWDAGEWRK = 'N';
Let me know if it works.
Thanks!
Already tried this.
ReplyDeleteActually "PSPSWDRESTICT" does not exist since it is a derived table. I myself am trying to figure out a way around this.
Can't seem to find one though.
Hi Nikhil
ReplyDeleteTry this then:
update PSSECOPTIONS set PSWDEXPIRESDAYS = 0;
You may need to delete your cache after this. I'm not sure if it's cached or not, but normally when manipulating PeopleTools tables it is a good idea.
Thanks
Hi Javier,
ReplyDeleteNeed an information on how can we validate User ID and password from third party system(Java ) I am able to connect to Peoplesoft DATABASE . Can we use any SQL package ?
Regards,
Chaitanya.
Hi Yyc Varma
ReplyDeleteThe password encryption is not done at the database level, so I'm not sure you can do it through SQL. One possible way would be to create a Component Interface in PeopleSoft and call it from Java. Another alternative would be using a Web Service, but in both cases you would need to do some development in PeopleSoft.
There is no standard way of doing this as far as I'm aware, although I haven't had the opportunity to do some deep research.
Thanks
Thank you Javier for your inputs.
ReplyDeleteMuch appreciated.
The query " update PSSECOPTIONS set PSWDEXPIRESDAYS = 0; " works fine as per requirement.
Hi Javier, I set up the password control, but the application does not expire passwords. Do you know if there is a process to run?.
ReplyDeleteThanks in advance. Regards
Hi
ReplyDeleteYou don't need to run any process, but if you set Password Controls, it will enable a Signon PeopleCode, which may require a reboot of your application server.
I hope this helps.
Thanks