Title: Security
Description: Passwords


Mil0n023 - September 20, 2006 05:57 PM (GMT)
2 Things:

1) Where can I find the specs on a user password? That is, length of password, how it is set up, how often it needs to be reset (every 90 days)?

2) Secure vs. Non Secure: When running the Form ID security (for auditors- YAY!) what is the difference? It's not making much sense...

Milo - September 20, 2006 06:50 PM (GMT)
Don't know what OS you're running on. In our system -- "Windows NT" to Lawson -- we run Windows 2003 and the passwords are validated by Active Directory.

Therefore, at least in our case, user password parameters are controlled by Windows, not Lawson.

Same thing when I was at my former employer, who runs HP-UX. The password parameters were defined by HP-UX (UNIX).

If your Lawson installation ties into the OS for password parameters, that's where you'll go for that information. Good luck! :bye:

Mil0n023 - September 20, 2006 06:59 PM (GMT)
Well we remote in -

But, we are Unix.

So there's nowhere in the Lawson system where I can find how often they are reset, etc.?

3monkeys - September 20, 2006 07:18 PM (GMT)
Right, Milo. Which passwords are you referring to? Windows, Unix, Portal? The parameters you're asking about are not determined by Lawson but rather by each individual client based on their internal policies for authentication.

As for the Form ID report - good luck with that. I've always disliked these laua security reports and am hoping LSF 9 offers something better.

In laua there isn't a way to ask the question: Who has access to form X (HR11, AP10, whatever). You have to run the form id report for every security class to see if they have it. (Several years ago I spent a considerable amount of time writing some scripts and an Access app to answer that question. Where did that thing go?...)

Anyway, the Form ID report has the option to show Secured (things they don't have access to) or Unsecured (things they do have). But you have to combine that with the other reports to determine what system codes they have access to, what companies and product lines they have access to, etc. Even within the Unsecured report it shows what function codes (Add, Change, Delete, Inquire, Next, Previous, etc) they have access to. So a typical auditor question might be "who can set up a vendor?" You have to look at who has system code AP, and who has 'all functions' for the data security for the company, who has AP10, and who has the ACD function codes.

If you want to keep the auditor busy then print out all of the above reports for each security class (LOTS of paper), explain how to read them and send him on his way. But if you want to be helpful (yikes) then they may need to tell you what they're looking for, exactly, and you could get the answer after just a few reports, instead of hundreds and hundreds of pages for them to pore over...

-GW

3monkeys - September 20, 2006 07:19 PM (GMT)
What version of Unix (AIX, HP...)? And do you mean for LID access or Portal?

schroncd - September 20, 2006 07:47 PM (GMT)
Form ID Report

Use the Perl script below (from the SWUG site) to tell you who can see any particular screen. Use the formid security report as the input file.

If you build this to be called by another script you can get a listing for all your screens.


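#!/usr/bin/perl
#
# whocan.pl - who can access a screen code
#
# usage: perl whocan.pl screenname reportfile
#
# Screenname should be something like HR11.1 or HR11\\. (case-insensitive)
#
# Reportfile is the output from a formid security report from laua
#

BEGIN {
    # First argument is the screen pattern; the report file left in @ARGV is read by <> below
    $screen = shift @ARGV or die "usage: whocan AB12[.3] report_file\n";
    $secclass="";
    print " SYSTEM PROGRAM UNSECURED SECURED\n";
    print "SECCLASS PRODUCT LINE CODE CODE FORM ID SECURED FCs FCs\n";
    print "---------- ------------------------------------------------------------------------------\n";
}

# Read the report line by line (the loop that perl -n would otherwise supply)
while (<>) {
    # A "SECURITY CLASS:" header starts a new section; remember its name
    if (/SECURITY CLASS:\s+(\S+)\s*$/) {
        $secclass=$1;
        next;
    }
    # Print each line of the current section that matches the screen pattern
    if ($secclass) {
        printf("%-11s%s", $secclass, $_) if /$screen/i;
    }
}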
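
An added example, not part of the original post or the SWUG script: one pass over the report that indexes every form ID by security class, so an auditor question such as "who can set up a vendor?" can be answered for all screens without rerunning the script per screen. Only the `SECURITY CLASS:` header comes from the script above; the detail-line layout (form ID followed by its function-code letters) and the sample report are constructed assumptions.

```python
import re
from collections import defaultdict

# Header marker taken from whocan.pl above.
CLASS_RE = re.compile(r"SECURITY CLASS:\s+(\S+)\s*$")
# Assumption: a form ID looks like HR11.1 (system code, program number, form number).
FORM_RE = re.compile(r"[A-Z]{2}\d{2}\.\d+")

# Constructed sample of an "Unsecured" Form ID report; the real laua layout may differ.
SAMPLE_REPORT = """\
FORM ID SECURITY REPORT (UNSECURED)
SECURITY CLASS: APCLERK
PROD  AP  AP10  AP10.1  ACDINP
PROD  AP  AP20  AP20.1  INP
SECURITY CLASS: APINQ
PROD  AP  AP10  AP10.1  INP
SECURITY CLASS: HRADMIN
PROD  HR  HR11  HR11.1  ACDINP
"""

def index_report(lines):
    """Return {form_id: {security_class: function_codes}} for the whole report."""
    index = defaultdict(dict)
    secclass = None
    for line in lines:
        header = CLASS_RE.search(line)
        if header:
            secclass = header.group(1)
            continue
        if secclass is None:
            continue  # report preamble before the first security class
        fields = line.split()
        for pos, token in enumerate(fields):
            if FORM_RE.fullmatch(token):
                # Assumption: the field after the form ID holds the function codes.
                index[token][secclass] = fields[pos + 1] if pos + 1 < len(fields) else ""
    return dict(index)

def who_can(index, pattern, need=""):
    """List (form, class, codes) where the form matches and every code in `need` is granted."""
    rx = re.compile(pattern, re.IGNORECASE)
    return sorted(
        (form, cls, fcs)
        for form, classes in index.items() if rx.search(form)
        for cls, fcs in classes.items() if set(need) <= set(fcs)
    )

if __name__ == "__main__":
    idx = index_report(SAMPLE_REPORT.splitlines())
    for row in who_can(idx, r"AP10\.", need="ACD"):
        print("%-11s%-8s%s" % (row[1], row[0], row[2]))
```

As the earlier reply notes, form access alone does not answer the auditor; the result still has to be combined with the system code, company and product line reports.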

Phil Feller - September 21, 2006 01:21 AM (GMT)
The configuration of password policies depends on what UNIX flavor you run (/etc/default/passwd on Solaris, /etc/security/user on AIX, etc.). You can also check password aging for a given user with a simple command (passwd -s on Solaris, lsuser -f on AIX). Be sure to find out whether any PAM modules are being used that might affect password policies.

Mil0n023 - September 21, 2006 04:11 PM (GMT)
I can't get to a UNIX prompt because we are remote hosted.


