000021299 - How to create a user password without status 'Change Required' with RSA ACE/Server Admin API

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000021299
Applies To: RSA ACE/Server 5.2 Administration API
Issue: How to create a user password without status "Change Required" with RSA ACE/Server Admin API
When creating a user with the RSA ACE/Server Administration API using the Sd_AssignPassword function call, the user is created in the database correctly, but the password is always set to 'Change Required' status.
Cause: When a user is created using the Sd_AssignPassword function call, the user's password is automatically put into "Change Required" mode. This is because user passwords are in fact stored as token records in the ACE/Server database. A user password is therefore stored as a user PIN, and when newly created it is, in effect, in 'New Pin Mode'.
Resolution: To resolve this issue, take the message buffer returned by the Sd_AssignPassword function call (it contains the serial number of the newly created password token in the database) and pass it to Sd_SetPin. Calling Sd_SetPin with the same password that was used with Sd_AssignPassword takes the password out of 'New Pin Mode'. Below is a Tcl script to demonstrate this:

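    # Open the Admin API session and print the result of the initialization
    puts [Sd_ApiInit $env(VAR_ACE)/sderv $env(VAR_ACE)/sdlog 1]

    # Create the user with a password; the returned message buffer holds
    # the serial number of the newly created password token
    set pSerial [Sd_AssignPassword "UserLastName" "UserFirstName" "UserID" "/bin/sh" "1234" "365" "0"]

    # Set the PIN on that token to the same password, which takes it out of New Pin Mode
    Sd_SetPin 1234 $pSerial

    # Close the Admin API session
    Sd_ApiEnd
    exit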
Legacy Article ID: a22248
