TAA Tools
DSPPWD      DISPLAY PASSWORD                           TAASECC

The i5/OS operating system does not allow a display of a user's
password.  The passwords are kept on the system in an encrypted form.
This limits the damage from an accidental exposure of a password or
from a break-in attempt.

The Display Password command provides a solution for displaying user
passwords.  This can only be achieved by trading off some of the
protection offered by the system.  Before you implement Display
Password, you should understand the tradeoffs.  If you choose to
implement Display Password, you should try to minimize the security
exposures.

Display Password keeps a file (SECPWDP in the TAASECURE library) of
the current passwords on the system in a scrambled form.  The scramble
is reversible (it is not a one-way hash): when the command is run, the
password is unscrambled and displayed, and anyone who can read the
file and knows the scramble can do the same.

The  operating system  provides a  validity checking  exit at  the time
passwords  are  being  validated.    The  system  value  QPWDVLDPGM can
describe a  program which  will be  called after  the operating  system
performs the  checking described by  the other QPWD...   system values.
The  validity checking program is only called  if the CHGPWD command is
used.

The validity  checking program  is not  called for  CRT/CHGUSRPRF.   If
you  want  the  passwords  set by  CRT/CHGUSRPRF  to  be  included  for
DSPPWD,  a  special command  CHGSCRPWD (Change  Scrambled  Password) is
also provided.  CHGSCRPWD  must be specified  (it is not  automatically
invoked).

The Display Password tool provides a program to be named for the
QPWDVLDPGM system value.  The program captures the requested
password, scrambles it and stores it in a file.  The password for an
individual user can then be displayed as:

        DSPPWD     USRPRF(xxxxx)

A display would  appear describing the  user and his current  password.

To display all of the passwords, specify:

        DSPPWD     USRPRF(*ALL)

A spooled file is created with all of the user passwords.

If  many  user  profiles  exist,  the  USER(*ALL)  function  should  be
submitted to batch.

Restrictions
------------

The  only  time the  QPWDVLDPGM  is  automatically invoked  is  for the
CHGPWD command.

If you  change passwords  using CRT/CHGUSRPRF  and  want them  included
for DSPPWD, then you must use the special command CHGSCRPWD.

The CHGSCRPWD command must be used the same day as CRT/CHGUSRPRF in
order for DSPPWD to recognize a valid change.  DSPPWD compares dates
only, not times: it assumes that if the user profile's password change
date is the same as the SECPWDP change date, the password in SECPWDP
accurately reflects the current user password.  This can result in an
out-of-sync condition if the password is changed at the beginning of
the day by CHGPWD and then later in the day by CHGUSRPRF without
running the CHGSCRPWD command: the dates still agree, so DSPPWD
displays the superseded password as if it were current.
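The same-day rule above, modelled in Python as an added example (this is not TAA code; the class and method names are assumptions, and on a real system the two dates come from the user profile and from the SECPWDP record). What DSPPWD does when the dates disagree is modelled here as returning no password, which is also an assumption. The model reproduces the out-of-sync case the paragraph describes: CHGPWD in the morning updates both the profile and SECPWDP, a CHGUSRPRF later the same day updates only the profile, and DSPPWD then shows the stale morning password because the dates still agree.

```python
from datetime import date, datetime
from typing import Dict, Optional, Tuple


class DsppwdModel:
    """Toy model of the profile/SECPWDP relationship (assumed names, not TAA code)."""

    def __init__(self) -> None:
        self.real_pwd: Dict[str, str] = {}               # what the OS really holds (never displayable)
        self.pwd_chg_date: Dict[str, date] = {}          # user profile "password change date" (day only)
        self.secpwdp: Dict[str, Tuple[str, date]] = {}   # SECPWDP: user -> (copy, change date)

    def chgpwd(self, user: str, pwd: str, when: datetime) -> None:
        # CHGPWD: the QPWDVLDPGM exit fires, so SECPWDP is updated as well.
        self.real_pwd[user] = pwd
        self.pwd_chg_date[user] = when.date()
        self.secpwdp[user] = (pwd, when.date())

    def chgusrprf(self, user: str, pwd: str, when: datetime) -> None:
        # CRT/CHGUSRPRF: the exit is NOT called; SECPWDP is untouched.
        self.real_pwd[user] = pwd
        self.pwd_chg_date[user] = when.date()

    def chgscrpwd(self, user: str, pwd: str, when: datetime) -> None:
        # CHGSCRPWD: updates only the SECPWDP copy.
        self.secpwdp[user] = (pwd, when.date())

    def dsppwd(self, user: str) -> Optional[str]:
        """DSPPWD's rule: equal change dates => trust the SECPWDP copy."""
        rec = self.secpwdp.get(user)
        if rec is None or rec[1] != self.pwd_chg_date.get(user):
            return None          # assumed behaviour: no usable record when the dates disagree
        return rec[0]

    def in_sync(self, user: str) -> bool:
        """Ground truth the display cannot see: does the copy match the real password?"""
        rec = self.secpwdp.get(user)
        return rec is not None and rec[0] == self.real_pwd.get(user)


def same_day_out_of_sync() -> Tuple[Optional[str], bool]:
    m = DsppwdModel()
    m.chgpwd("DUMMY", "MORNING1", datetime(1995, 4, 1, 8, 0))
    m.chgusrprf("DUMMY", "AFTERNN2", datetime(1995, 4, 1, 15, 0))    # no CHGSCRPWD afterwards
    return m.dsppwd("DUMMY"), m.in_sync("DUMMY")    # ('MORNING1', False): stale copy, but trusted


def same_day_repaired() -> Tuple[Optional[str], bool]:
    m = DsppwdModel()
    m.chgpwd("DUMMY", "MORNING1", datetime(1995, 4, 1, 8, 0))
    m.chgusrprf("DUMMY", "AFTERNN2", datetime(1995, 4, 1, 15, 0))
    m.chgscrpwd("DUMMY", "AFTERNN2", datetime(1995, 4, 1, 15, 1))   # same day, as the text requires
    return m.dsppwd("DUMMY"), m.in_sync("DUMMY")    # ('AFTERNN2', True)


def next_day_unsynced() -> Tuple[Optional[str], bool]:
    m = DsppwdModel()
    m.chgpwd("DUMMY", "MORNING1", datetime(1995, 4, 1, 8, 0))
    m.chgusrprf("DUMMY", "NEXTDAY3", datetime(1995, 4, 2, 8, 0))     # different day, no CHGSCRPWD
    return m.dsppwd("DUMMY"), m.in_sync("DUMMY")    # (None, False): dates differ, DSPPWD declines
```

The first scenario is the dangerous one: the date check passes and the tool reports a password that no longer works, with nothing on the display to say so. Running CHGSCRPWD with the same password immediately after CRT/CHGUSRPRF (ideally from the same CL program, as the CHGSCRPWD description recommends) is what keeps the copy honest.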

Part of the installation instructions allow you to include your own
secret code, which makes it harder for a user who was able to read
the scrambled password file to unscramble the passwords.

DSPPWD keeps  only the  current password  in the  scrambled form.   The
operating  system keeps up  to 32  of the previously  entered passwords
in encrypted form.

A program can only be named for the QPWDVLDPGM system value if
QPWDLVL is 0 or 1 (a maximum of 10-byte passwords).

DSPPWD command                                        *CMD
--------------

The DSPPWD command displays one or all of the scrambled passwords.

   USRPRF        The user profile  to be displayed.   If a  single user
                 is  specified,  an  interactive  display occurs.    If
                 *ALL  is  specified, a  list of  users is  produced to
                 the spooled file USERS.

                 Specifying *ALL  requires building an  output file  of
                 user profiles  and processing  each profile.   If many
                 profiles  exist, the  function should be  submitted to
                 batch.

                 Specifying *ALL also cleans up the SECPWDP file for
                 deleted profiles.  The processing determines which
                 user profiles still exist, writes their records to a
                 second file and then copies them back.  Records for
                 deleted profiles are dropped from the SECPWDP file.
                 To clean out deleted profiles, the *ALL function
                 should be used periodically.

   OUTQ          The  output  queue  to  be  used  if  USRPRF(*ALL)  is
                 specified.  The default  is *JOB.  The intent  of this
                 parameter is  to allow you to place  the secure output
                 into  a  secure  output queue.    If  a  specific user
                 profile is named, this parameter is ignored.

CHGSCRPWD command                                     *CMD
-----------------

The Change Scrambled Password command provides a command interface to
the same program which is used as the validity checking program for
QPWDVLDPGM.  It allows a user's password in the SECPWDP file to be set
independently of the CHGPWD command.

The intent  of  CHGSCRPWD  is  that it  be  used  in  conjunction  with
CRT/CHGUSRPRF.   These  commands do  not invoke  the program  specified
for QPWDVLDPGM.   The intent  is that you  would have a  CL program for
creating/changing  user  profile  passwords  and that  part  of  the CL
program would be to invoke CHGSCRPWD and use the same password.

The CHGSCRPWD command  must be  used the same  day as CRT/CHGUSRPRF  in
order for DSPPWD to recognize a valid change.

   PWD           The new password.

   USRPRF        The user profile to be changed.

Prerequisites
-------------

The following TAA Tools must be on your system:

      OR            Or bits together from two fields
      SCRAMBLE      Scramble bytes in a field
      SNDCOMPMSG    Send completion message
      SNDESCMSG     Send escape message
      SNDSTSMSG     Send status message
      WRTSRC        Write source

Implementation
--------------

A  default version  of the  tool  exists.   The intent  of the  default
version is  to allow you to try out  the tool.  Follow the instructions
in the section on 'Testing'.

If you implement the tool,  you should change the default version  with
your own secret code.

You must  be the security  officer or a member  of his group  to create
the DSPPWD command.

DSPPWD  is intended  for use  with the  CHGPWD command.   To  force the
users to change  their passwords after  N days, you must  be using  the
QPWDEXPITV  system  value  (or your  own  technique)  to  automatically
invoke the  CHGPWD command.   Use DSPSYSVAL to display  QPWDEXPITV.  If
it is set to *NOMAX, the normal command to set it would be:

             CHGSYSVAL     QPWDEXPITV    VALUE('60')

When  the DSPPWD  tool is created,  the library TAASECURE  will also be
created if it does not exist.  It will contain the following:

  **   The SECPWDP file for the scrambled passwords

  **   The SECPWDP2 file  which is used  for cleaning out deleted  user
       profiles as described earlier.

  **   The  data area  DSPPWD which  is  created by  the CRTCONARR  TAA
       Tool.

  **   The  RPG program  TAASECCR  which is  used to  display passwords
       and contains your secret code.

  **   The RPG program  TAASECCR2 which is used  to update the  SECPWDP
       file and contains your secret code.

A default  secret code is  used to initially  create the  RPG programs.
The intent  of the default value is to let  you try out the tool before
implementing your own unique version.

If you are implementing your own  version, you should do the  following
as the Security Officer:

  **   Change  the secret  code  in  the  data area  DSPPWD  using  the
       EDTCONARR command:

                 EDTCONARR    DTAARA(TAASECURE/DSPPWD)

       When the  display appears, key over the  value that is specified
       as  DFTVALUExx with  your own  secret code.   It  can be  any 10
       characters such as '%T)#:?UG*Q'.

       Write down your secret  code on a piece  of paper and file in  a
       secure  place.   If you  need to  recreate the  tool at  a later
       point, you must use the same secret code.

  **   Use  CPYTAA2 to copy out the source  from the TAA Archive to the
       source files in your library.

            CPYTAA2   TAAARCMBR(DSPPWD) TOLIB(xxxx)

  **   Re-create the  DSPPWD  tool specifying  (normally  submitted  to
       batch):

           CRTTAATOOL    TOOL(DSPPWD) SRCLIB(xxxx)

  **   During the  creation of the  tool, the  RPG source for  the tool
       is  copied to  the  source file  TAATOOLSRC in  TAASECURE.   The
       secret code  is added  to  the end  of  each source  member  (as
       array  data)  and  the  programs  are  created.    If  the  tool
       successfully completes,  the TAASECCR and  TAASECCR2 members are
       removed  from TAATOOLSRC.  You should  use SEU to determine that
       these members do not exist.

             STRSEU    SRCFILE(TAASECURE/TAATOOLSRC)

       If the members do exist, remove them.

  **   Use  EDTCONARR  again and  key  over  your  secret  code.    For
       example,  you could  enter 'CHANGED'.   This  will make  it more
       difficult  for a user to determine your  secret code as the only
       place it will exist  on the system is  in the two RPG  programs.

  **   Change the QPWDVLDPGM system value:

           CHGSYSVAL     SYSVAL(QPWDVLDPGM) VALUE('TAASECCC2 TAATOOL')

When  the next  user changes  his  password with  CHGPWD, the  validity
checking program will update the SECPWDP file.

Testing (Before and After the implementation  step)
---------------------------------------------------

Testing  before  the implementation  step  allows you  to  try  out the
tool.  You must do the following as the Security Officer.

  **   Change the QPWDVLDPGM system value:

           CHGSYSVAL     SYSVAL(QPWDVLDPGM) VALUE('TAASECCC2 TAATOOL')

  **   Create a dummy  profile with  all of  the defaults.   Signon  as
       the  dummy user.   Use  the  CHGPWD command  and  specify a  new
       password.  Signoff as the dummy user.

Signon as the Security Officer and use the DSPPWD command for the
dummy user.  Then, try DSPPWD USRPRF(*ALL) and review the spooled output.

Use DSPPFM to see what the scrambled password looks like:

        DSPPFM     FILE(TAASECURE/SECPWDP)

Use  CHGUSRPRF to change the dummy  profile password.  Use CHGSCRPWD to
change the  dummy profile  to the  new password.   Use  DSPPWD for  the
dummy profile to see the new change.

Delete the dummy profile.

A new release of the TAA Tools
------------------------------

When a new release of TAA Tools is shipped, the install code does not
replace the SECPWDP and SECPWDP2 files in TAASECURE.  If the files
exist, they are left intact.  If the files do not exist, they are
installed.

The install code checks the two RPG programs in TAASECURE.  If they
were created on a system whose name begins with TAASYS, the object
programs are replaced.  If they were created on a system other than
TAASYSxx, they are left intact.  Therefore, if you created the tool on
your own system, the install code should not replace your modified
version.

The  objects in  TAATOOL related  to DSPPWD  (command and  CL programs)
are replaced on  each release, but this  should not impact your  use of
DSPPWD.

You should read the AAAAx members in the TAA Archive on each release
to determine if there are any changes to the DSPPWD tool that will
require you to recreate the programs.  If so, you must change the
DSPPWD data area with EDTCONARR as in the implementation instructions
to match your secret code and recreate the tool.

After  the tool  is working, you  should again  change the  DSPPWD data
area to a different value than your secret code.

Security considerations
-----------------------

The  code  is  written  to  attempt  to  minimize  security  exposures.
However, because  the  file and  programs are  the  key to  determining
what the passwords are, there is always an exposure.

For example, there is nothing to prevent an authorized user from
saving the TAASECURE library (the scrambled file, the data area and
the two RPG programs that embed the secret code) and restoring it on
another system where he is the Security Officer and can analyze the
information at leisure.

Unless you are willing  to assume a risk  of this type, you should  not
implement DSPPWD.

The sensitive objects:

  **   The data base file containing the scrambled passwords

  **   The data area containing the secret code

  **   The two RPG programs containing the secret code

are placed  in the private  library TAASECURE.   The data base  file is
made private.  The data area is made private.

The  DSPPWD command  checks  to ensure  the user  is authorized  to the
TAASECURE library.  The library is created as secure.

The validity checking program (TAASECCC2 in TAATOOL) must exist in a
public library so it can be accessed when the user signs on and the
operating system is validating a new password.  The TAASECCC2 program
adopts the user profile of its owner so that the user can access the
secure library TAASECURE.

The  TAASECCC2  program is  written  to  do  a call  to  the  qualified
program  name TAASECCR2  in TAASECURE.   The  program also  specifies a
secure  override  to  the  SECPWDP  file.    The  TAASECCC2  program is
created to prevent logging, retrieving of CL source and debugging.

The  QPWDVLDPGM  system value  requires  that  the  processing  program
receive a parameter list of:

     - New password      *CHAR LEN(10)
     - Old password      *CHAR LEN(10)
     - Return code       *CHAR LEN(1)  where '0' means the password
                                         is considered valid.

The TAASECCC2  program is also  used as the command  processing program
for  the CHGSCRPWD  command.  It  passes the  user profile  name as the
old password and a constant 'X'  for the third parameter.  When an  'X'
is recognized,  the CL  program knows that  it is  being called  by the
CHGSCRPWD  command rather  than by  the QPWDVLDPGM  system value.   The
logic is  changed to  use  the second  parameter  as the  user  profile
rather than using RTVJOBA to determine the current user.

While the TAASECCC2 program attempts to block security exposures,
there is nothing to prevent a normal user from calling the program
during the day (e.g. after signing on).  The program will cause a
change to the current signed-on user's password in SECPWDP.  This
does not cause a security exposure (the user profile password is not
changed), but would cause the real user profile to be out of sync
with the version kept in SECPWDP.

If the user called the  TAASECCC2 program with the third parameter  set
to 'X'  to simulate the  CHGSCRPWD command,  the code checks  to ensure
that the user is authorized to change the user profile.
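The call convention in the paragraphs above, together with the scramble and its reversibility discussed under 'Security considerations', as one added Python example. This is a model written for this page, not the TAASECCC2 or TAASECCR2 code: the XOR transform stands in for the SCRAMBLE tool (whose algorithm the page does not describe), the AUTHORITY table stands in for the authority check on the CHGSCRPWD path, and the names taaseccc2, SecPwdpFile, dump_all, walkthrough and misuse are assumptions. It shows the 'X' dispatch, that a normal user calling the program directly can only desync their own record, and that the file plus the secret code yields every current password in the clear.

```python
from typing import Dict, Set

SECRET_CODE = "%T)#:?UG*Q"      # the page's sample 10-character secret code


def _xor_with_code(data: bytes, code: str) -> bytes:
    """Toy keyed transform standing in for the SCRAMBLE tool (algorithm assumed, not the tool's)."""
    key = code.encode("ascii")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def scramble(pwd: str, code: str = SECRET_CODE) -> bytes:
    # Passwords are CHAR(10): space-pad, then scramble.  XOR is its own inverse.
    return _xor_with_code(pwd.ljust(10).encode("ascii"), code)


def unscramble(blob: bytes, code: str = SECRET_CODE) -> str:
    return _xor_with_code(blob, code).decode("ascii").rstrip()


class SecPwdpFile:
    """Stand-in for TAASECURE/SECPWDP: profile name -> scrambled password."""

    def __init__(self) -> None:
        self.records: Dict[str, bytes] = {}


# Assumed stand-in for the "authorized to change the user profile" check
# the page says the CHGSCRPWD path performs: caller -> profiles it may change.
AUTHORITY: Dict[str, Set[str]] = {
    "QSECOFR": {"QSECOFR", "DUMMY", "ALICE"},
    "ALICE": {"ALICE"},
}


def taaseccc2(new_pwd: str, old_pwd: str, rc: str, *, current_user: str,
              store: SecPwdpFile) -> str:
    """Model of the validation / command-processing program's dispatch.

    QPWDVLDPGM parameter list: new password CHAR(10), old password CHAR(10),
    return code CHAR(1), where '0' on return means "password is valid".
    CHGSCRPWD calls the same program with the target profile in the
    old-password slot and 'X' in the return code.
    """
    if rc == "X":
        target = old_pwd.strip().upper()                 # second parameter is the profile
        if target not in AUTHORITY.get(current_user, set()):
            raise PermissionError(f"{current_user} not authorized to change {target}")
    else:
        target = current_user                            # RTVJOBA: the job's current user
    store.records[target] = scramble(new_pwd)
    return "0"                                           # the capture never rejects a password


def dump_all(store: SecPwdpFile, code: str) -> Dict[str, str]:
    """What a holder of the file plus the secret code sees: every current password."""
    return {u: unscramble(b, code) for u, b in sorted(store.records.items())}


def walkthrough() -> Dict[str, str]:
    store = SecPwdpFile()
    # DUMMY signs on and runs CHGPWD: the OS calls the exit with the job's user.
    taaseccc2("NEWPWD1", "OLDPWD", " ", current_user="DUMMY", store=store)
    # QSECOFR sets ALICE's password with CHGUSRPRF, then runs CHGSCRPWD.
    taaseccc2("ALICEPW", "ALICE", "X", current_user="QSECOFR", store=store)
    return dump_all(store, SECRET_CODE)      # {'ALICE': 'ALICEPW', 'DUMMY': 'NEWPWD1'}


def misuse() -> tuple:
    store = SecPwdpFile()
    taaseccc2("REALPWD", "", " ", current_user="ALICE", store=store)
    # Any signed-on user can CALL the public program directly and overwrite
    # their own SECPWDP record: no exposure, but DSPPWD is now out of sync.
    taaseccc2("JUNK", "", " ", current_user="ALICE", store=store)
    self_desync = unscramble(store.records["ALICE"])
    # Simulating CHGSCRPWD against another profile hits the authority check.
    try:
        taaseccc2("HACKED", "DUMMY", "X", current_user="ALICE", store=store)
        other_blocked = False
    except PermissionError:
        other_blocked = True
    return self_desync, other_blocked, "DUMMY" in store.records   # ('JUNK', True, False)
```

Two things the model makes visible: a wrong secret code yields silent garbage rather than an error, because there is no integrity check on the record; and the transform is symmetric, so whoever has the file and the two RPG programs that embed the code has every password. Changing the data area to 'CHANGED' after creating the tool hides the code from EDTCONARR, not from the programs.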

Backup of TAASECURE Library
---------------------------

The  SECPWDP file  will  be changed  any time  a user  does  the CHGPWD
function or  the  CHGSCRPWD command.    Therefore the  file  should  be
backed up regularly.

To handle deleted user profiles, a second file (SECPWDP2) also exists
in TAASECURE.  If DSPPWD USRPRF(*ALL) is specified, part of the
processing writes the active records to the second file.  When all
records have been processed, the second file is copied back to
SECPWDP with the replace option.  This has the effect of netting the
file so that it includes only the existing user profiles.  The second
file is then cleared.  Because of this technique, the second file
does not need to be backed up on a regular basis.

Objects used by the tool
------------------------

   Object        Type       Attribute      Src member     Src file
   ------        -----      ---------      ----------     -----------

*  DSPPWD        *DTAARA
   DSPPWD        *CMD                      TAASECC        QATTCMD
   CHGSCRPWD     *CMD                      TAASECC2       QATTCMD
*  SECPWDP       *FILE         PF          TAASECCP       QATTDDS
*  SECPWDP2      *FILE         PF             No source
   TAASECCD      *FILE         DSPF        TAASECCD       QATTDDS
   TAASECCC      *PGM          CLP         TAASECCC       QATTCL
   TAASECCC2     *PGM          CLP         TAASECCC2      QATTCL
*  TAASECCR      *PGM          RPG         TAASECCR       QATTRPG
*  TAASECCR2     *PGM          RPG         TAASECCR2      QATTRPG

     * These objects are located in the TAASECURE library.

Structure
---------

DSPPWD     Cmd
  TAASECCC   CL
    TAASECCR   RPG
      SECPWDP    PF
      SECPWDP2   PF
      TAASECCD   DSPF

CHGSCRPWD   Cmd
  TAASECCC2   CL      (Also specified for QPWDVLDPGM)
      TAASECCR2  RPG
         SECPWDP    PF

Added to TAA Productivity tools April 1, 1995

