JDE Password Validation - Unlimited attempts

[RajeshGarg]

Hi All,

I am looking for a procedure to perform password validation in JDE OW XE.
There is a business function (B91300C à Validate User’s Sign-on Password). This BSFN calls a standard API jdeSecValidateUser(…). Unfortunately this API is disabling the account after 3 tries.

Does anyone know of a way to validate the system password without disabling the account (user id)?

Regards,
Rajesh

 

[Larry_Jones]

almost sounds like you're looking to discover passwords the brute force method ...

Why isn't 3 tries enough?

 

[MagarG]

We've already had instances where some users out there were trying to login using the JDE userid and breaking the system because it disabled the EnterpriseOne JDE account.

 

[tgore]

A suggestion for that problem. Create another user-id (OWUSER). Replace JDE with OWUSER in your enterprise JDE.INI file and other key locations. That way, when people "play" with JDE and break it, the system will not be disabled. This suggestion was given to us by the JDE consultant that helped us initially install and configure OW.

 

[Josh McEvoy]

Actually, the definitive way to correct the issue, if you don't care about the security concerns, is to set the JDE login attempts to 0 in P98OWSEC. By setting it to 0 you prevent it from being locked no matter how many false attempts are done against it.