× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. June 2005

Re: Profile self-service

If they can't get into e-mail to retreive the password, it wouldn't work 
a-tall. . . but, then again, if they've disabled both their OS/400 profile 
*and* their Notes profile, they should be flogged . . . and they probably 
need the personal attention that they would receive from a help desk call . 
. .

Steve

<rob@xxxxxxxxx> wrote in message 
news:OFC65427F0.CDEA1522-ON05257015.0060CEA9-05257015.0060DCF9@xxxxxxxxxxxx
> Steve,
>
> How would that work for resetting their Notes password to get into their
> corporate email?
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> "Steve McKay" <mckays@xxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 06/03/2005 11:06 AM
> Please respond to
> Midrange Systems Technical Discussion 
> <midrange-l@xxxxxxxxxxxx>
>
>
> To
> midrange-l@xxxxxxxxxxxx
> cc
>
> Subject
> Re: Profile self-service
>
>
>
>
>
>
> Mike -
>
> Actually, the entire process is not terribly difficult to create yourself
> using Apache, RPG, and a few HTMLs or you could create a RESET user that
> could only be used to reset passwords or re-enable user profiles.  You'd
> have to 'publish' the password so users could get in and they would be
> disabling that user profile continually (after all, if they can't remember
>
> their own password, how are they going to remember that one?) but there
> are
> things you can do to alleviate that.
>
> Should you attempt this, I suggest that you allow your users to re-enable
> a
> disabled user ID but, in the process, change their password (generate it
> yourself) and e-mail it to the user's corporate e-mail address.  You could
>
> use the same process for forgotten passwords.  This would ensure that your
>
> operators are not changing user profiles and that passwords are
> transmitted
> only on your corporate network and, if a bad person is trying to get a
> password, they would also have to have access to the e-mail of one of your
>
> employees.  Of course, this supposes that all of your employees have
> e-mail
> and that you provide the e-mail infrastructure in-house.
>
> Also, consider formulating your questions such that you can compare the
> answers provided against your corporate files rather than allowing the
> employee to provide  the answer to the question in advance.  In other
> words,
> ask for Social Security number and compare against your HR file rather
> than
> asking the employee to provide you with the name of his/her favorite pet
> today so your can ask that question tomorrow to verify their ID.
>
> I have a RPGLE program that will generate a random password and a "reset
> user profile and/or password" CL program that I will contribute if you
> decide that you want to go down the do-it-yourself road.
>
> HTH,
>
> Steve
>
> <Mike.Crump@xxxxxxxxxxxxxxxx> wrote in message
> news:OF14FB0CDD.CBD90FA3-ON05257015.004A9A87-05257015.004C005B@xxxxxxxxxxxxxxxxxx
> .
>>
>> I think the issue over security comes down to the environment of
> challenge
>> questions.  And when we look at the help desk now the nuisance security
>> calls are way high.  A year ago 40% of our calls were printer related,
>> another 40% were security related.  Through new printers, proper afp
>> resource settings, and IBM's MarkVision we have eliminated over 80% of
> our
>> printer calls.  That's good but now we are really skewed with security
>> related calls - they make over 60% of our calls now - and the majority
> are
>> password change problems, account lockouts, password resets, etc.  A
>> person
>> calls in needing assistance.  Right now today we have an idea of who
> they
>> are but we do not authenticate them.  Our parent company says we have to
>> using challenge questions - so, I'm extending that requirement and
> saying
>> that using that authentication method in a self-service environment is
> the
>> most beneficial.
>>
>> Having said that I believe that the challenge system has to be somewhat
>> robust.  Unfortunately if it's to difficult it can the results can be
> the
>> exact opposite of what you want.  I've got a restriction on my credit
>> profile - damn, I almost can't answer the questions to get through but
>> that's another story.
>>
>> I think the self-service system also has to have very robust controls -
>> only so many actions within a given time frame, good reporting, and good
>> messaging.
>>
>> If all of these things are met I think it is possible to provide a
> secure
>> environment that improves customer service (and hopefully satisfaction)
>> and
>> reduces nuisance type calls to the help desk.  If I can do that then the
>> night creatures are happy, my help desk people are happy, and the
>> customers
>> are happy.
>>
>> A good SSO environment would go a long way to reducing this but that's
> not
>> entirely possible in our environment....and even with SSO I think I
> would
>> still want some sort of function available for the domain access.
>>
>>
>>
>>
>>
>>
>>
>>             rob@xxxxxxxxx
>>
>>             06/02/2005 11:54 To
>>             PM                        Midrange Systems Technical
>>                                       Discussion
>>
>> <midrange-l@xxxxxxxxxxxx>
>>             Please respond to cc
>>             Midrange Systems
>>                 Technical Subject
>>                Discussion             Re: Profile self-service
>>             <midrange-l@midra
>>                 nge.com>
>>
>>
>>
>>
>>
>>
>>
>> I don't think it defeats the purpose for a security officer or
>> administrator.  Ever use a web site with a password?  Now, figure you're
> a
>> nation wide bank with 2 million customers.  Now how many Pakistanis
> would
>> you have to employ just to reset user's passwords?  And wouldn't they
> ask
>> the same sort of questions that a good program could ask?  Mother's
> maiden
>> name or some such thing.  That's the purpose of a good challenge
> question
>> system.
>>
>> We've analyzed our help desk calls for our internal users.  A vast bulk
> of
>> the calls fit two categories:  Resetting printer writers, and, resetting
>> passwords.  We've tackled the first and now it's time to move on to the
>> second.  We were looking at adding another help desk person.  Sad to see
>> this not happen.  Gal we had in mind lives about two miles away and is
>> dying to get back in to programming after her layoff from another
> company.
>> With the economy the way it is, this looked like the best way to sneak
>> another person in.  Start her out at the help desk and move her into
>> programming.
>>
>> Rob Berendt
>> --
>> Group Dekko Services, LLC
>> Dept 01.073
>> PO Box 2000
>> Dock 108
>> 6928N 400E
>> Kendallville, IN 46755
>> http://www.dekko.com
>>
>>
>>
>>
>>
>> ron_adams@xxxxxxxxxxxxxx
>> Sent by: midrange-l-bounces@xxxxxxxxxxxx
>> 06/02/2005 04:11 PM
>> Please respond to
>> Midrange Systems Technical Discussion
>> <midrange-l@xxxxxxxxxxxx>
>>
>>
>> To
>> Midrange Systems Technical Discussion
>> <midrange-l@xxxxxxxxxxxx>
>> cc
>>
>> Subject
>> Re: Profile self-service
>>
>>
>>
>>
>>
>>
>> I'm not sure if this necessarily fits the bill for your issue, but I
> wrote
>>
>> a password reset utility a while back that would allow a manager
> (*SECADM)
>>
>> to reset a disabled user profile.
>> It will allow them the choice also of resetting the password to default
>> which is the same as the user id.
>> I set it up with object authority so that only those I specified could
> run
>>
>> it and that they could only change a user profile if the user did not
> have
>>
>> any of the following attributes, *ALLOBJ, *SECADM, *SPLCTL or *SERVICE .
>> Also,  I set it up so it will also send me a message when it's executed.
>>
>> I can send you a copy if you think it will help.
>>
>> As for self service, I would think something like this would be too
> risky
>> and/or difficult to set up. It also defeats the purpose for a security
>> officer or administrator.
>>
>> Ron Adams
>>
>>
>>
>>
>>
>> Mike.Crump@xxxxxxxxxxxxxxxx
>> Sent by: midrange-l-bounces@xxxxxxxxxxxx
>> 06/02/2005 03:31 PM
>> Please respond to Midrange Systems Technical Discussion
>>
>>
>>        To:     midrange-l@xxxxxxxxxxxx
>>        cc:
>>        Subject:        Profile self-service
>>
>>
>> I'm working on two possibilities but was wondering if anyone was
> familiar
>> with a software package that:
>>
>> 1.)  Verifies user identity through a series of challenge questions and
>>
>> 2.)  Allows them to change/reset/unlock their account.
>>
>> NetIQ (ie Pentasafe) has something close with their Vigilent and
>> PSPasswordManager products but I don't think all the pieces are there.
>>
>> Triaworks (Powerlock) might have something if TIM PM ever sees the
>> sunlight
>> of GA.....
>>
>> http://www.triaworks.com/downloads/TIM%20PM%20Datasheet.pdf
>>
>> Due to constraints beyond my control we will be on a NT 4.0 domain for a
>> while so a good SSO solution may not be in my near future.  I'm looking
> at
>> some other types of reduced SO options but in the mean time need to
>> investigate this.  Even if I can't do self service my audit/parent
> company
>> (ie: those bloodsucking night creatures without a real job) demands will
>> necessitate that we maintain a challenge question database for my end
>> users
>> so that we can correctly identify John Smith and not be socially
>> engineered.  So, my drop back position is to have an application that
>> allows me to setup, manage, and identify end users by challenge
> questions.
>>
>>
>>
>> Michael Crump
>> Manager, Computing Services
>> Saint-Gobain Containers
>> 1509 S. Macedonia Ave.
>> Muncie, IN  47302
>> (765)741-7696
>> (765)741-7012 f
>> (800)428-8642
>>
>> "The probability that we may fail in the struggle ought not to deter us
>> from the support of a cause we believe to be just"  Abraham Lincoln
>>
>>
>>
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email:
>> MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>>
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email:
>> MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>>
>> --
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email:
>> MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>> -- 
>> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
>> list
>> To post a message email:
>> MIDRANGE-L@xxxxxxxxxxxx
>> To subscribe, unsubscribe, or change list options,
>> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>> or email: MIDRANGE-L-request@xxxxxxxxxxxx
>> Before posting, please take a moment to review the archives
>> at http://archive.midrange.com/midrange-l.
>>
>>
>
>
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> -- 
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
> list
> To post a message email: 
> MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.