on Jun 16, 2016Article Content
| Article Number | 000021299 |
| Applies To | RSA ACE/Server 5.2 Administration API |
| Issue | How to create a user password without status "Change Required" with RSA ACE/Server Admin API When creating a User using RSA ACE/Server Administration API with the Sd_AssignPassword function call, the user is created in the database correctly, but the password is always set to 'Change Required' status |
| Cause | When a user is created using the Sd_AssignPassword function call, the user's Password will automatically be put into ?Change Required? mode. This is because user passwords are in fact stored as Token records in the ACE/Server database. So a user password is stored as a user PIN, and when newly created it is, in effect, in 'New Pin Mode'. |
| Resolution | To resolve this issue, use the message buffer returned by the function call Sd_AssignPassword (this function provides the newly created password token serial number from the database) and use it with Sd_SetPin. Using Sd_SetPin with the same password used with Sd_AssignPassword will take the case out of 'New Pin Mode'. Below is an TCL script to demonstrate this: puts [Sd_ApiInit $env(VAR_ACE)/sderv $env(VAR_ACE)/sdlog 1] set pSerial [Sd_AssignPassword "UserLastName" "UserFirstName" "UserID" "/bin/sh" "1234" "365" "0"] Sd_SetPin 1234 $pSerial Sd_ApiEnd exit |
| Legacy Article ID | a22248 |