Psoft Software

[Derrik Navarro]

Wecame up with a small pcode modification to resolve the problem and force users to reset their 2-tier password. See solution below. In summary, even if the user enteres a valid LDAP password, the logon process will fail if the 2-tier peoplesoft password has expired. The user can only logon using the LDAP password if their 2-tier password is in good standing. By forcing the user to logon using their 2-tier password that has expired, they are automatically prompted to change their password via the delivered PSoft password reset page.

From: Shasikanth_Malipeddi via peopletools-l [mailto:people...@Groups.ITtoolbox.com]

Sent: Wednesday, March 10, 2010 7:03 PM

To: Hefler, Peter

Subject: RE:[peopletools-l] need code to force psoft password to be reset

NOT is an important word that I missed there. I meant to say the password controls would have affected even the users who do NOT have access to login in PeopleSoft directly. Also, take a look at the response below from Oracle support for a ticket I had opened when we were trying to do this. Though I did not implement their solution as I did not want to change the sign on PC, this might be some you would be interested in:

WORKAROUND:

Most use a specific user to start the app server. Starting the app server is a two-tier process so as long as that is all this user will be doing it will not be affected by most password controls. (Password controls like Max logon attempts and expire only work in three tier and PIA, not in 2 tier connections). The problem is that even if this user cannot logon via 3-tier there is a chance their account could get locked out by possible misuse of someone attempting to logon as that user id.

There is a need to make the LASTPSWDCHANGE field on PSOPRDEFN a future date so the password will never expire for this user ID. This is good if needed for default users that run daily processes. HOWEVER this will NOT prevent the account from getting locked out due to a failed password attempt or misuse. Also remember that any change through SQL updates to the back-end tables will require the app server to be rebooted.

It is highly recommended that the following code change be used to exclude certain users from the password controls completely in order not to have their accounts become locked out due to misuse. Some accounts to consider would be the user that starts the app server, web server, process scheduler, bypass signon user, or a guest account user.

I do not think there is any easy way to accomplish this because enabling password controls in PeopleSoft will start expiring the passwords for all users who might have the password to login directly into PeopleSoft. I am assuming you would not want them to have two passwords since you are authenticating with AD.

From: RustyEngland via peopletools-l [mailto:people...@Groups.ITtoolbox.com]

Sent: Wednesday, March 10, 2010 3:38 PM

To: Hefler, Peter

Subject: RE:[peopletools-l] need code to force psoft password to be reset

Can you please expalin us more the code you have used and the one you mentioned in the last post? We have disable the PeopleSoft Password controls and are logging in through LDAP. But we have users logging into 2-tier. So we need to reset the PeopleSoft Password when it expires. We feel the code you mentioned above will help us. Can you please explain about the code and where exactly write it ? Should we need to bounce the app server after writing the code ?

3a8082e126