Expired Password Handling

Profound UI has the ability to handle expired passwords, but by default this functionality is turned off. For consistency between releases, customers must specifically enable this feature but doing so is extremely simple.

Configuring Password Handling

This feature is controlled by a data area in your installation directory, most commonly PROFOUNDUI. The data area name is PUIPWDMGT. This data area contains a single character code to control what level of password change functionality is available. The codes are as follows:

  • '0' - This is the default value. This code tells Profound UI that the password change functionality is disabled.

  • '1' - This code instructs Profound UI that password changes are only allowed once a user's password is about to expire.

  • '2' - This code lets a user's password be changed at any time.

Turning on password handling is as simple as changing the value in PUIPWDMGT to a value other than '0'. For example, if you wanted to enable only expired password handling, you would use the CHGDTAARA command from the IBM i command line like this:


Expired Password Handling

When PUIPWDMGT is set to any value other than '0' and a user signs on, Profound UI will automatically check to see if the user's password is expired or within the warning period. This warning period is normally controlled by the QPWDEXPWRN system value, but can be overridden at the user profile level. If you are running V5R4 or earlier, there is no QPWDEXPWRN system value and a value of 7 days is used instead.

If the user's password has already expired, the following window is displayed:

Clicking Change Password will take the user to the following screen to change the password:

Clicking Cancel will return the user to the sign on screen with an error message that the password is expired.

If the user's password will expire within the warning period, the following screen will appear to let the user know how long until the password expires:

In this scenario, if the user clicks Change Password they will still go to the screen mentioned previously, however if the user clicks Cancel, they will continue on in Profound UI.

Note: These screens are customizable. To customize, make changes to the rich display file PROFOUNDUI/PUICHGPWD. The same rules should be followed as when customizing the sign on panels. These rules can be found in Authenticated Sessions.

Allowing Password Changes at Any Time

If PUIPWDMGT is set to '2', the "Change Password" screen can be called at any time within your application. To do so, your application will call the program PROFOUNDUI/PUI0001203. This program accepts only one parameter, the user name. As always, the user will then need to enter the current and new password in order to change. The following is an example prototype for calling the change password screen:

//Prototype D Change_Password... D PR ExtPgm('PUI0001203') D User 10A Const