I implemented a web page on VM that uses a corporate single sign on and one-time password server that acts as a proxy.
If you come to my password reset page the wrong way, it redirects the browser to the SSO page. Once authenticated that proxy adds some useful headers to the https request. When my page finally gets the request it sees the info added by the proxy and puts up a page listing all userids owned by that person and let’s them provide a new password for one or any/all of them in one shot. It also unlocks various “terminal lockout” conditions. The web server id that handles that uses a Diag A0 subcode 60 (vmsecure) to effect the change. It is also configured to allow the change without the current password. That allows people to reset forgotten passwords or set an initial password for newly created userids. One caveat…. We have a global workforce and sometimes the ascii/ebcdic translation is different than their terminal emulator. That results in setting the password fine for web access things but failing for 3270 emulation things. I haven’t taken the time to sort that out yet. It’s a minor issue. Don On Tue, Aug 16, 2022 at 14:34 Steely.Mark <steely.m...@aaa-texas.com> wrote: > Does your site use a Self Help Password Reset Tool for RACF or TSS ? > > We would like the customer to be able to perform this function without > involving the Help Desk. > > Any suggestions ? > > Thank You > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
