有沒有辦法使用SQL在IBM System i(aka iSeries / AS400)上更改用戶密碼?

[英]Is there a way to change user password on IBM System i (aka iSeries / AS400) using SQL?


I have a C#.NET application that must be able to change the user password on an IBM System i (iSeries / AS400) machine. I am currently using the following code to perform this operation using IBM's proprietary cwbx.dll.

我有一個C#.NET應用程序,必須能夠更改IBM System i(iSeries / AS400)計算機上的用戶密碼。我目前正在使用以下代碼使用IBM專有的cwbx.dll執行此操作。

using cwbx;

public void ChangePassword(string system, string user, string currentPassword, string newPassword)
{
    AS400System as400 = new AS400System();
    as400.Define(system);
    try
    {
        as400.ChangePassword(user, currentPassword, newPassword);
    }
    finally
    {
        as400.Disconnect(cwbcoServiceEnum.cwbcoServiceAll);
    }
}

This works well enough, but forces me (and all users of the application) to take a proprietary dependency on cwbx.dll. I would like to eliminate this dependency.

這很好用,但迫使我(以及應用程序的所有用戶)對cwbx.dll采取專有依賴。我想消除這種依賴。

Is there any way to change the password using SQL similar to MS SQL Server's alter login mechanism?

有沒有辦法使用類似於MS SQL Server的alter login機制的SQL更改密碼?

I know I can accomplish this with the IBM.Data.DB2.iSeries .NET data provider by invoking programs from SQL using the following code from Integrating DB2 Universal Universal Database for iSeries with for iSeries with Microsoft ADO .NET.

我知道我可以使用IBM.Data.DB2.iSeries .NET數據提供程序通過使用以下代碼從SQL集成DB2通用數據庫for iSeries與iSeries與Microsoft ADO .NET來調用程序來完成此任務。

/// <summary>
/// Call a program directly on the iSeries with parameters
/// </summary>
public string CallPgm(string cmdtext)
{
    string rc = " ";

    // Construct a string which contains the call to QCMDEXC.
    // Because QCMDEXC uses single quote characters, we must
    // delimit single quote characters in the command text
    // with an extra single quote.
    string pgmParm = "CALL QSYS/QCMDEXC('"
    + cmdtext.Replace("'", "''")
    + "', "
    + cmdtext.Length.ToString("0000000000.00000")
    + ")";

    // Create a command to execute the program or command.
    iDB2Command cmd = new iDB2Command(pgmParm, _connection);
    try
    {
        cmd.ExecuteNonQuery();
    }
    catch (iDB2Exception ex)
    {
        rc = ex.Message;
    }

    // Dispose the command since we're done with it.
    cmd.Dispose();

    // Return the success or failure of the call.
    return rc;
}

The problem with this technique is that I must have an existing connection before I can attempt to change a password. Unfortunately, if the user's password has expired they cannot connect to the database (iDB2CommErrorException) and as a result cannot change their password.

這種技術的問題是我必須先有一個現有的連接才能嘗試更改密碼。不幸的是,如果用戶的密碼已過期,則無法連接到數據庫(iDB2CommErrorException),因此無法更改其密碼。

Is there any way accomplish this without the cwbx.dll?

沒有cwbx.dll有沒有辦法實現這個目標?

2 个解决方案

#1


4  

To programmatically change expired passwords on an IBM i (aka System i / iSeries / AS400) from a .NET application without taking a dependency on a local installation of IBM i Access for Windows (for cwbx.dll), consider one of the following options.

要以編程方式從.NET應用程序更改IBM i(aka System i / iSeries / AS400)上的過期密碼,而不依賴於本地安裝的IBM i Access for Windows(對於cwbx.dll),請考慮以下選項之一。

  • Programmatically establish a Telnet connection to the IBM i and transmit a sequence of characters that mimics the user input necessary to perform a change password operation. *Note that this is insecure without further configuration.

    以編程方式建立與IBM i的Telnet連接,並傳輸一系列字符,模仿執行更改密碼操作所需的用戶輸入。 *請注意,如果沒有進一步配置,這是不安全的。

  • IBM Toolbox for Java includes an OS/400 or i5/OS Java class that can be used in Java programs to change passwords. The Java help for the class is available in iSeries Information Center a the following Web site: http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm

    IBM Toolbox for Java包含一個OS / 400或i5 / OS Java類,可以在Java程序中用於更改密碼。該類的Java幫助可在iSeries信息中心的以下Web站點中找到:http://publib.boulder.ibm.com/pubs/html/as400/v5r1/ic2924/index.htm

    The following example demonstrates how to perform a change password operation on an expired password using the IBM Toolbox for Java. This can be invoked from a C# program using System.Diagnostics.Process.Start("java ChangeIBMiPassword hostname username oldpw newpw"); (assuming appropriate classpaths). Also note that it is possible to use Java API's directly from .NET with the IKVM.NET library.

    以下示例演示如何使用IBM Toolbox for Java對過期的密碼執行更改密碼操作。這可以使用System.Diagnostics.Process.Start(“java ChangeIBMiPassword hostname username oldpw newpw”)從C#程序調用; (假設適當的類路徑)。另請注意,可以直接從.NET使用Java API和IKVM.NET庫。

import com.ibm.as400.access.AS400;

public class ChangeIBMiPassword {
    public static void main(String[] args) {
        if (args.length < 4)
            System.exit(-1);

        String host = args[0];
        String user = args[1];
        String oldpw = args[2];
        String newpw = args[3];

        AS400 sys = new AS400(host, user);  
        try {
            sys.changePassword(oldpw, newpw);
        } catch (Exception e) {
            e.printStackTrace();
            System.exit(-1);
        }
    }
}
  • Write a secure web service that runs on the IBM i. This web service will accept parameters for username, current password and new password. When a user calls this web service, it will perform the change password operation on behalf of the calling program.

    編寫在IBM i上運行的安全Web服務。此Web服務將接受用戶名,當前密碼和新密碼的參數。當用戶調用此Web服務時,它將代表調用程序執行更改密碼操作。

  • Write a secure web service that does not run on the IBM i. This web service will accept parameters for username, current password and new password. When a user calls this web service, it will use the cwbx library to perform the change password operation on behalf of the calling program. This does not totally eliminate the dependency on cwbx.dll, but it lowers it to a single system.

    編寫一個不在IBM i上運行的安全Web服務。此Web服務將接受用戶名,當前密碼和新密碼的參數。當用戶調用此Web服務時,它將使用cwbx庫代表調用程序執行更改密碼操作。這並不能完全消除對cwbx.dll的依賴,但它會將其降低到單個系統。

http://www-01.ibm.com/support/docview.wss?uid=nas10043a8b0e0544f1386256ba100659bcd

#2


0  

Write a stored procedure or function that invokes CHGUSRPRF. It would need to run under high enough authority (and thereby expose the system to additional risk), but it'd then be easy to interact with SQL. Seems like a very questionable idea.

編寫一個調用CHGUSRPRF的存儲過程或函數。它需要在足夠高的權限下運行(從而使系統暴露於額外的風險),但它很容易與SQL交互。似乎是一個非常值得懷疑的想法。


注意!

本站翻译的文章,版权归属于本站,未经许可禁止转摘,转摘请注明本文地址:https://www.itdaan.com/blog/2013/03/29/4bb75090afb497fd5b08d65e39d76f0a.html



 
粤ICP备14056181号  © 2014-2020 ITdaan.com