[archive] Acurcl - Modify a security record

[Migrated content. Thread originally posted on 29 April 2010]

Hi all
Is it possible to create a script that modifies a security record in /etc/AcuAccess?

Normally it is only ?root? that must run acurcl ?access, but I would like to give the user a possibility to change their own password, by saving the old and new password and using / passing this as input to acurcl.

Can this be done?

Regards
Kim

It may be possible but you'll probably need to contact support. AcuAccess is a Vision file with encryption, so it may be possible to write a COBOL program to open, read and write to it, but you would need the FD structure.

[Migrated content. Thread originally posted on 29 April 2010]

Hi all
Is it possible to create a script that modifies a security record in /etc/AcuAccess?

Normally it is only ?root? that must run acurcl ?access, but I would like to give the user a possibility to change their own password, by saving the old and new password and using / passing this as input to acurcl.

Can this be done?

Regards
Kim

It may be possible but you'll probably need to contact support. AcuAccess is a Vision file with encryption, so it may be possible to write a COBOL program to open, read and write to it, but you would need the FD structure.

[Migrated content. Thread originally posted on 29 April 2010]

Hi all
Is it possible to create a script that modifies a security record in /etc/AcuAccess?

Normally it is only ?root? that must run acurcl ?access, but I would like to give the user a possibility to change their own password, by saving the old and new password and using / passing this as input to acurcl.

Can this be done?

Regards
Kim

It may be possible but you'll probably need to contact support. AcuAccess is a Vision file with encryption, so it may be possible to write a COBOL program to open, read and write to it, but you would need the FD structure.

[Migrated content. Thread originally posted on 29 April 2010]

Hi all
Is it possible to create a script that modifies a security record in /etc/AcuAccess?

Normally it is only ?root? that must run acurcl ?access, but I would like to give the user a possibility to change their own password, by saving the old and new password and using / passing this as input to acurcl.

Can this be done?

Regards
Kim

It may be possible but you'll probably need to contact support. AcuAccess is a Vision file with encryption, so it may be possible to write a COBOL program to open, read and write to it, but you would need the FD structure.

Accessing the file from a COBOL program is possible, but won't solve the problem you're trying to solve because the password field itself is encrypted. As far as I know, the algorithm used for this isn't publicly available (and might prove difficult to implement in COBOL if it were available).

I've used a shell script to feed commands to the acurcl -access dialogue with good success. If you want something more sophisticated, you should check out the "expect" utility (http://expect.nist.gov/). Some Linux distributions come with expect already installed.

Here's a simple shell script for creating a new AcuAccess file in the current directory, and creating a record for user TestUser, from TestUser-PC, mapped to local user LocalUser, with password "SecreT123", and umask 007:


#!/bin/sh

echo "./AcuAccess"
echo "y"
echo "1"
echo "TestUser-PC"
echo "TestUser"
echo "LocalUser"
echo "SecreT123"
echo "SecreT123"
echo "007"
echo
echo "5"

exit 0


As root (or using sudo), run the script and pipe its output into acurcl -alias:

# ./testscript.sh | acurcl -alias

[Migrated content. Thread originally posted on 29 April 2010]

Hi all
Is it possible to create a script that modifies a security record in /etc/AcuAccess?

Normally it is only ?root? that must run acurcl ?access, but I would like to give the user a possibility to change their own password, by saving the old and new password and using / passing this as input to acurcl.

Can this be done?

Regards
Kim

Thanks for your input.
I?m sure I can make it work now ? perfect :)

Regards Kim