
Install and configure pspwdexit

The pspwdexit_v5r4m0 and pspwdexit_v7r1m0 programs are installed in the \<instance>\addon\transparent-synch\as400 directory.

To install and configure the pspwdexit_v5r4m0 program (for IBM i 7.1) or the pspwdexit_v7r1m0 program (for IBM i 7.2):

  1. From the Bravura Pass server, establish a connection to the OS/400 server using the 5250 emulator software.

  2. If the OS/400 server already has another version of the transparent synchronization interceptor installed on it, you must remove it by running the following command:

    DLTLIB PSYNCH
  3. Create a PSPWDEXIT save file.

    CRTSAVF FILE(QGPL/PSPWDEXIT)
  4. Transfer the pspwdexit_v5r4m0 or pspwdexit_v7r1m0 file to the OS/400 server, so that it overwrites the placeholder file you created in step 3.

    1. Navigate to the \<instance>\addon\transparent-synch\as400 directory.

    2. From a Windows command prompt:

      ftp <OS/400 server>
      
      > binary
      
      > put <exit program> QGPL/PSPWDEXIT (replace
      
      > quit

      Note that there is no closing parenthesis on the put command.

  5. Switch back to the 5250 emulator.

  6. Restore the PSYNCH library:

    RSTLIB SAVLIB(PSYNCH) DEV(*SAVF) SAVF(QGPL/PSPWDEXIT)
  7. Change the following system value:

    CHGSYSVAL SYSVAL(QPWDVLDPGM) VALUE(*REGFAC)

    then add the exit program by typing on one line:

    ADDEXITPGM EXITPNT(QIBM_QSY_VLD_PASSWRD) FORMAT(VLDP0100) PGMNBR(*HIGH) PGM(PSYNCH/PSPWDEXIT) THDSAFE(*YES) TEXT('Password Manager Password Exit Program')
  8. Configure the following data areas:

    • Set TARGETID to the target ID of the OS/400 server as it is configured in Bravura Pass:

      CHGDTAARA DTAARA(PSYNCH/TARGETID) VALUE('<target ID>')
    • Set PSSERVER to the address of the Bravura Pass server:

      CHGDTAARA DTAARA(PSYNCH/PSSERVER) VALUE('<Pass server address>')
    • Set PSPORT to 3334:

      CHGDTAARA DTAARA(PSYNCH/PSPORT) VALUE('3334')
    • Set COMMKEY to the Bravura Pass server communication key (or Master Key) value:

      CHGDTAARA DTAARA(PSYNCH/COMMKEY) VALUE('<commkey value>')
    • Set MSGUSER to the administrative user who will receive system messages:

      CHGDTAARA DTAARA(PSYNCH/MSGUSER) VALUE('<user>')

    See OS/400 system components for a description of values.

  9. Modify the PSYNCH library’s object authorization.

    To modify the authority of the objects in the PSYNCH library:

    1. Type:

      WRKLIB LIB(PSYNCH)
    2. Enter 12 (work with objects).

    3. For each object in the PSYNCH library:

      • Select 2 to edit authority.

      • Ensure the *PUBLIC user has its object authority set to *USE, and change it if it is not.

OS/400 system components

All the values are of type CHAR, so they must be enclosed in single quotes.

| Component | Description |
| --- | --- |
| PSPWDEXIT | The exit programs work with the QIBM_QSY_VLD_PASSWRD exit point. Use the ADDEXITPGM command to add the exit program to the exit point. You also need to set the QPWDVLDPGM system value to *REGFAC. The advantage of this is that the exit program can check who is changing whose password. Users are not allowed to change other users' passwords. If this is attempted, a warning message is sent to the administrator specified in MSGUSER. |
| MSGUSER | The user to whom administrative messages are sent. If the user is not specified, messages are sent to QSYSOPR. If a nonexistent user is specified, messages are not sent. Field length is 10. |
| MSGLEVEL | The level of administrative messages that are logged. The default level is 3. The value can be set to one of the following: 0 (No logging), 1 (Error), 2 (Warning), 3 (Notice), 4 (Info), 5 (Debug). |
| PSSERVER | The Bravura Pass server's network name or IP address. Field length is 50. |
| PSPORT | The Password Manager service port number. Field length is 5. |
| COMMKEY | The Bravura Pass communication key (or Master Key) in the encrypted format. Field length is 80. |
| TARGETID | The target ID of the OS/400 server as it is identified in Bravura Pass. Field length is 80. |
| TIMEOUT | The default timeout value for connecting to the Password Manager service is 8 seconds. If the network is slow, a greater value may be needed. Field length is 2. |
| FAILPPDOWN | The behavior when the Password Manager service cannot be contacted. By default, it is 0, and CHGPWD is still permitted if the service cannot be contacted. If set to 1, CHGPWD is rejected if the Password Manager service cannot be contacted. |
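
The data-area values from step 8 can be checked against the field lengths listed above before they are typed into the 5250 session. The following Python sketch is an added example, not part of Bravura Pass or its documentation; it assumes MSGLEVEL, TIMEOUT and FAILPPDOWN are data areas in the PSYNCH library like the five set in step 8, and its sample values are constructed.

```python
import re

# Rules from the "OS/400 system components" table: name -> (field length, pattern).
# None means the page gives no field length for that data area.
RULES = {
    "TARGETID":   (80, r".+"),
    "PSSERVER":   (50, r"\S+"),         # network name or IP address
    "PSPORT":     (5, r"[0-9]+"),
    "COMMKEY":    (80, r".+"),
    "MSGUSER":    (10, r"\S+"),
    "MSGLEVEL":   (None, r"[0-5]"),     # 0 (No logging) .. 5 (Debug)
    "TIMEOUT":    (2, r"[0-9]+"),       # seconds
    "FAILPPDOWN": (None, r"[01]"),
}

def build_commands(values, library="PSYNCH"):
    """Validate data-area values; return (CHGDTAARA commands, problems).

    Assumption: every data area lives in `library`, as the five in step 8 do.
    Problem messages never echo the value, so COMMKEY cannot leak into logs.
    """
    commands, problems = [], []
    for name, value in values.items():
        if name not in RULES:
            problems.append(f"{name}: not a data area listed on the page")
            continue
        max_len, pattern = RULES[name]
        if max_len is not None and len(value) > max_len:
            problems.append(f"{name}: {len(value)} characters exceeds field length {max_len}")
        elif not re.fullmatch(pattern, value):
            problems.append(f"{name}: empty or wrongly formatted value")
        elif name == "PSPORT" and not 1 <= int(value) <= 65535:
            problems.append(f"{name}: not a valid port number (1-65535)")
        else:
            # All values are CHAR: wrap in single quotes and double any
            # embedded single quote, which is how CL escapes it.
            quoted = value.replace("'", "''")
            commands.append(f"CHGDTAARA DTAARA({library}/{name}) VALUE('{quoted}')")
    return commands, problems

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    sample = {"TARGETID": "AS400PROD", "PSSERVER": "pass.example.com",
              "PSPORT": "3334", "MSGUSER": "SECADMINISTRATOR", "TIMEOUT": "8"}
    cmds, probs = build_commands(sample)
    print("\n".join(cmds))
    print("\n".join("PROBLEM " + p for p in probs))
```

Only values that pass every check produce a command, so an over-long MSGUSER or a three-digit TIMEOUT is caught before it reaches the OS/400 server.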