The environment is a split-tier IIS web server, BEA app server to Reporting Server 7.6 on Win2003 via https. Each component is on a separate computer. Users are authenticated to OPSYS local accounts, which are then mapped into DBA to limit data access. Each user will require their own unique id. Many of the users are external users and will not have network ids, so Active Directory is not in the mix. An RDBMS to hold the userids/passwords is also not available. The security protocol demands that the OPSYS local accounts comply with the expiring password rule. If these internal users could be added as WFRS administrators, then the console change password function could be utilized, but that cannot happen due to security constraints. Also, the Reporting Server password expiration function is only for MVS, so the users would not be receiving the warnings counting down to their password expiration, resulting in lots of expired passwords and a maintenance headache.

So, the question I have is 'how does one maintain a password on a Win2003 computer (WebFOCUS Reporting Server host computer) on which they have a local account, but they never actually log into the computer other than to run WF Reports from a url'?

This message has been edited. Last edited by: Kerry,

If there is no login, how are they running reports from a secure WF server? And if there IS some sort of log in, that's where it needs to be managed. If you're not using any of the WF interfaces (BID, MRE, etc.) you've got to come up with your own interface to manage security - possibly added on to the front of however they are getting to the URL list for the WF reports.

You should be able to put a change password page together for your users.

I believe the OLDPASWORD,NEWPASSWORD syntax should work even if the user is not a local administrator, but I could be wrong. I have not done this.

As far as managing the expiration of passwords, you would need to code something. The Reporting Server does have a different error code depending on if the password is expires, is locked out, has an invalid id, etc.

http://documentation.informati...sgcode_71/20msg2.htm

Now, returning this code in a user friendly manor to decode it... might be a challenge.

There is no way at all with WebFOCUS to change the Windows 2003 logon password.

You will need to use either an ASP or PSP approach.

In site.wfs use a simple check to see if the user can actually access the system
for instance TABLE FILE CAR etc.

If the error returned indicates a password failure redirect to
to prompt for changing the password and call the ASP/PSP. (there are plenty of examples on the web)