Passwords in AS/400 joblog

Eric

Active Member
I did a search on this subject and came up with the suggestion to add the following to the JDE.INI file:

ServerPasswordFile=TRUE

Does this remove the username and password from the joblog on the AS/400? I ask because the response was not a definitive answer.

Thanks in advance for any assistance.
 
This is how I understand it works:
when a UBE is submitted the password is passed to the runube executable as a parameter. That makes the password visible through joblog on AS400 or through the ps command on Unix.
ServerPasswordFile=TRUE makes that the password is written to a temp-file, the filename is passed as a parameter and runube reads it from there. OS security should make it impossible for anyone to read this temp-file.
So yes, the setting ´removes´ the password from the joblog. You see funny filenames instead.
Hope this helped, Gerd
 
The Quest SIG and PeopleSoft Technology PUG have an enhancement paper asking PS to address this issue. Currently it is being reviewed. If you would like to add your company's name to the paper, send me your name, company name, phone#, email address and I will add it.
 
That's good to know. Just FYI, the ServerPasswordFile setting is not defined in our INI. Yet, each submitted job generates the temp file with the password in it. Must mean that the default value is "TRUE" for the setting?
 
Beware - I just tried changing this on our test iSeries and nasty things happened:
All UBEs started failing immediately.
"SEC000003 - Security Server returned eSecInvalidPassword for user xxxx for eSecValidate"
"JDB1100015 - Failed to complete security check"
"JDB_InitEnvOvr failed with rcode =0"
(I was not popular with the Developers)
I did not recycle and falsely assumed that the change would take place during our weekend ipl/recycle.
My theory (yet to be proven) is that you need to recycle OW right away so that the security kernel also realizes that you don't have UBE security. Let me know if this works. We are hoping that changing this setting to false will stop other types of UBE failures that relate to 'unauthorized to temp objects'.

Xe SP22Q1 iSeries V5R2
 
[ QUOTE ]
Beware - I just tried changing this on our test iSeries and nasty things happened:
All UBEs started failing immediately.
"SEC000003 - Security Server returned eSecInvalidPassword for user xxxx for eSecValidate"
"JDB1100015 - Failed to complete security check"
"JDB_InitEnvOvr failed with rcode =0"
(I was not popular with the Developers)
I did not recycle and falsely assumed that the change would take place during our weekend ipl/recycle.
My theory (yet to be proven) is that you need to recycle OW right away so that the security kernel also realizes that you don't have UBE security. Let me know if this works. We are hoping that changing this setting to false will stop other types of UBE failures that relate to 'unauthorized to temp objects'.

Xe SP22Q1 iSeries V5R2

[/ QUOTE ]

Were you able to resolve your issue? Did this work for you? Thanks in advance.
 
I had forgotten about this.
We DO have this entry in our ini's so we must have gone ahead and done it. Whether it is doing us any good or not I don't know. We did it because of UBE failures and we have not been monitoring them due to more exciting things like 3 attempts at SP23. We are trying for the 4th time in July and will go back to monitoring UBE failures after that.

So...it doesn't seem to be doing us any harm but don't make the change with OW up.

Sorry I know this is not that helpful.

Sue.
 
Has anyone found that adding "ServerPasswordFile=3DTRUE" to the JDE.INI file removes the username and password from the joblog on the AS/400?
 
Re: RE: Passwords in AS/400 joblog

I’ve done some searches on the web and it looks like the ServerPswdFile setting controls whether Unified Logon is used or not. My searches indicated it’s Boolean flag (TRUE/FALSE), so I have no idea what 3DTRUE setting means.

I believe if it’s set to TRUE, one couldn’t see user name and password in clear text.



It’s all hearsay though…
 
N.B. the setting is actually:

ServerPswdFile=TRUE and should be added under the [SECURITY] section in the server JDE.INI.
 
[ QUOTE ]
N.B. the setting is actually:

ServerPswdFile=TRUE and should be added under the [SECURITY] section in the server JDE.INI.

[/ QUOTE ]

Thanks for your response. Does this work on your system?
 
[ QUOTE ]
[ QUOTE ]
N.B. the setting is actually:

ServerPswdFile=TRUE and should be added under the [SECURITY] section in the server JDE.INI.

[/ QUOTE ]

Thanks for your response. Does this work on your system?

[/ QUOTE ]

Yes it does. Here's what the password parm should look like if you view the command in the JOBLOG:

PASSWORD()

Winston
 

Similar threads

KoalaBaby
E9.2 How to Capture XDO BI Logs
Replies
0
Views
551
KoalaBaby
KoalaBaby
A7.3 List of database tables used by the HR and Payroll modules
Replies
0
Views
580
Daniel Ulisses Da Meda
JohnDanter2
E9.2 Partial WO Completions are splitting F4611 suggestions
Replies
1
Views
541
JohnDanter2
JohnDanter2
E9.1 Secure all but a couple fields in a form
Replies
3
Views
1K
BPConnor
BPConnor
richslaney
E9.2 Getting the Last Logon and Logoff Details in 9.2 (F9312 / F9312T)
Replies
7
Views
1K
BOster
BOster
Back
Top