Changing Expired Password in Atrium



Atrium has the ability to handle expired passwords, but by default, this functionality is turned off. For consistency between releases, customers must specifically enable this feature, but doing so is extremely simple.

Configuring Password Handling

This feature is controlled by a data area in your installation directory, most commonly PROFOUNDUI. The data area name is PUIPWDMGT. This data area contains a single character code to control what level of password change functionality is available. The codes are as follows:

  • '0' - This is the default value. This code tells Profound UI that the password change functionality is disabled.

  • '1' - This code instructs Profound UI that password changes are only allowed once a user's password is about to expire.

  • '2' - This code lets a user's password be changed at any time.

Turning on password handling is as simple as changing the value in PUIPWDMGT to a value other than '0'. For example, if you wanted to enable only expired password handling, you would use the CHGDTAARA command from the IBM i command line like this:

CHGDTAARA DTAARA(PROFOUNDUI/PUIPWDMGT) VALUE('1')

Expired Password Handling

When PUIPWDMGT is set to any value other than '0' and a user signs on, Atrium will automatically check to see if the user's password is expired or within the warning period. This warning period is normally controlled by the QPWDEXPWRN system value, but can be overriden at the user profile level. If you are running V5R4 or earlier, there is no QPWDEXPWRN system value and a value of 7 days is used instead.

If the user's password has already expired, the following window is displayed:

The html file that this 'Change Password' window is located here:

/www/profoundui/htdocs/profoundui/userdata/html/change_password.html

Because this html file will be overwritten after a Profound UI upgrade, we do not suggest modifying this file directly if you want to make changes to this screen. Instead, you should copy this file, rename the copy (you can rename this to whatever you'd like) and then change your instance's httpd.conf file to point to the new copy of the file. This will ensure that your 'Change Password' screen does not get overwritten by the upgrade process. You can find the httpd.conf file here: /www/instanceName/conf/httpd.conf. In your configuration file, you should see a line that looks like this: 

Alias /profoundui/changepass /www/profoundui/htdocs/profoundui/userdata/html/change_password.html

You'll want to change this line to point to your new 'Change Password' html file instead of the default change_password.html file. This will use your modified version of the file and you won't need to worry about the file being overwritten. Of course, after any change made to the httpd.conf, you'll need to restart your Profound UI instance to see the change. It's also important that you do not check the 'HTTP Configuration' option when you are upgrading your instance, as this will overwrite your httpd.conf changes.

Allowing password change at any time

If you want users to be able to change their password at any time, make sure the PUIPWDMGT data area is set to '2', then create an Atrium menu item as shown: