This might seem like a strange request, but we are in serious need of some data cleanup so we can implement a central password change utility that will update a variety of passwords (network, Notes and Domino (web) among other systems)
We have a database with user passwords, we have a database with user IDs. We know that many of our passwords do not match the ID… I will spare you all the details of our evolution in registration, mutliple domains, etc over the last 8 years. What I’m after is some automated way to check profile #1’s password against profile #1’s ID… profile #2’s password against Profile #2’s ID… just mark the good ones complete and leave the rest to review.
Perhaps that easily be extended to check profile #1’s ID against a list of potential passwords - I could plug in the random one we HOPE works with a string of default passwords that were used over the years and make note of the good one.
Something like this would be a huge time saver. We have the data, we know a lot of it is bad, but if we could quickly figure out which ones are good and avoid spending time verifying that, it would be great. The data is stored in 2 different databases, unique IDs link records… we just need a tool to take all the extra hours of out of the process.
We have inhouse Notes developers, but the initial reaction was that it can’t be done. Anybody else want to second that notion or do you have a different take?
Subject: Automated way to check IDs against passwords
As there is no way to retrieve the password from an ID files (because it is not stored in there), I don’t see how this could be possible, regardless of the technology used.
Maybe except for implementing a Notes password cracker …
Subject: Automated way to check IDs against passwords
go to helpsoft.com and check out ID Manager. In there is a utility that can check to see if a known password is valid or not. I think it tries to do a switch ID in the backend or something like that. It’s not very costly but if you don’t need the full functionality perhaps the developer could provide you with a custom utility to do only what you need. We use the full product and love it. It’s great for ID Management if you want to delegate that task to non admins without giving them full access to your address book and certifier passwords.
Subject: RE: Automated way to check IDs against passwords
Ah, thanks for the response. I’ll check out helpsoft.
Just to clarify the process we have a database with documents for each user’s ID file. We have a database with documents that list each u ser’s password (and in some case alternatives)
We don’t have an entirely accurate list. Some users have IDs and had profiles created for other reasons … so a profile was generated with a random password, but they were already registered for Notes (different sites would register them) making it unncessary to set an ID using that password. Years later we can’t tell which were accurate or not. Not to mention the users came from 1 of 3 different domains, some were recertified, some moved.
If you could just run some code against a database that could open record #1 in the ID database and grab the ID, then try the password in record #1 in the password database against it, if it fails, try a second or third (if they exist) password, etc… once those are exhausted, go to the next. Just make note of matches.
I know that technically this kind of stuff will work. We have a password system we’re implementing that pretty much does exactly this, but it’s not set to run down a list and/or flag us if there is no match. It just acts on one user, grabs the ID and password, switches to those and will then be able to update the password for the user.
That is assuming what we have stored is accurate!!
Subject: Automated way to check IDs against passwords
This is very simple to accomplish in Lotusscript using two CAPI calls (SECKFMOpen, SECKFMClose). My guess is that it would require no more than 15 lines of code to write a function that checks a password to an ID file on disk including declarations for the API calls.
Seems that your inhouse Notes developers are a bit afraid of touching the C API (which is not rocket science, really)
Declare Public Function API_SECKFMOpen Lib “nnotes” Alias “SECKFMOpen”(handle As Long, Byval path As String, Byval password As String, Byval flags As Long, Byval reserved1 As Long, Byval reserved2 As Long) As Integer
Declare Public Function API_SECKFMClose Lib “nnotes” Alias “SECKFMClose”(handle As Long, Byval flags As Long, Byval reserved1 As Long, Byval reserved2 As Long) As Integer
Function CheckPassword(path As String, password As String) As Boolean
' Declarations
Dim result As Integer
Dim handle As Long
' Error trapping (really important)
On Error Goto Handler
' Default result
CheckPassword=False
' Open the ID file with the given data
result=API_SECKFMOpen(handle, path, password, 0, 0, 0)
' Check the return code
If ((result And &h3fff%)=0) Then
' ID File opened properly
CheckPassword=True
End If
Handler:
' Clean up after ourselves
If (handle<>0) Then
' Attempt to close the handle
result=API_SECKFMClose(handle, 0, 0, 0)
End If
End Function
Sub Initialize
' Declarations
Dim result As Boolean
' Test
result=CheckPassword("C:\path\to\id\file.id", "yourpassword")
' Show result
If (result) Then
Print "Password OK"
Else
Print "Password wrong"
End If
Bram - thanks again for the code we’re now in the process of validating. Just an FYI, you are penalized when testing mutliple passwords, since we know 2 (the one stored and one very common default!) are likely to get most of our hits, we’re going to run those two against the IDs.
(which is not rocket science, really)