Re: $SETUAI() Query/Problem

From: covendotartdottalk21dotcom (postmaster_at_127.0.0.1)
Date: 01/31/04 

Date: Sat, 31 Jan 2004 16:25:57 -0000

"Bob Koehler" <koehler@eisner.nospam.encompasserve.org> wrote in message
news:m258zcrWBUyC@eisner.encompasserve.org...
> In article <iZidnUd-geh-54fd4p2dnA@brightview.com>,
"covendotartdottalk21dotcom" <postmaster@127.0.0.1> writes:
> >
> > However, when I attempt to use $SETUAI() or $GETUAI, the system
> > services always seem to pick up the definition in the SYSTEM name
> > table, not the PROCESS one.
>
> If I was writing $SETUAI or $GETUAI it almost certainly would
> not use process, group, or job logical name tables.
>
> IIRC these routines are supposed to access THE system authorization
> file (ergo the one currently being used by LOGINOUT), not some random
> file that happens to be in the same format.

Hardly a "random" file; it just happens to be a.n.other node's SYSUAF.

So reading between the lines of your terse response, what you're saying
is that there is no way of modifying the content of a remote node's UAF
(where that remote node is not in a cluster with the node where you are
attempting to originate the password change requests, and therefore not
sharing a cluster-common UAF), from an executable generated from 3GL
source code, using the $SETUAI() routine in combination with
$HASH_PASSWORD?

So how do other people with several hundred (lookalike) systems change
account passwords? Manually? Using a different password on each
system?

If corporate policy requires that you have different passwords on each
system, then it is likely that you have to change the passwords on a
regular basis, and I particularly don't rate the prospect of spending
two full days a week changing passwords by manually logging on to
systems using SSH, because that's the only other way (I can think of
at the moment) that you could satisfy the requirement that the
password is not sent in a clear-text format across the network (which
packet sniffers and keystroke loggers can trap).

Mark