ask/change passwort from ctrl

Post by **marcel.gay@wimag.ch** » Wed Apr 01, 2020 7:34 pm

We have a ULC UX project and we use our own developed sso handling, a customer server manages the passwords.
The customers change the passwords in their system (not in WinCC-OA)
if a customer now logs in directly via the ULC UX client and not via sso, he would like to use his password
Every authorized user is created in WinCC-OA with the same username but no longer with the same password if it was changed after a certain time

We receive the users and passwords via another interface, so we could adjust the passwords automatically
Is it possible to query and change the passwords in Wincc-OA via ctrl for every user (root is not necessary) ?

Post by **kilianvp** » Thu Apr 02, 2020 10:28 am

yes you can use "checkPassword()" to check the password and "crypt()" to create the new password and store it in "_Users.Password"

Post by **adaneau** » Thu Apr 02, 2020 11:21 am

Hi,

Just my few cents on this.

Transferring password in clear text via network is a big security thread. You will need a good encryption between WinCC OA and your third party system. Moreover this is also an exposure to MoM attacks. I wouldnt use such mechanism in sensible environment.

If you wanna delegate your auth to another system than WinCCOA, then you should have a look into "User-defined Authentication" feature. This is far more complex indeed but far more secure. It uses cpp code and overwrite winccoa auth with your own.

Best regards
Alexandre

Thu Apr 02, 2020 12:47 pm

Thanks for all the tips.
The system is running in a private network without an internet connection.
Access is only possible via VPN limited to our own machines

Post by **marcel.gay@wimag.ch** » Wed Apr 08, 2020 1:16 pm

Just a final question
I find in para the datapoint _users with "UserId", "Fullname* and "Password" and more .....
to change password there is: _Users.Password
with checkPassword I can check if the password is changed/the same
I crypt password with: passw = crypt(s_password,3);
But how I write/change a modified password (a panel/ctrl running with authorization level "root" processes this) ?
Is there à function ?

Post by **kilianvp** » Wed Apr 08, 2020 4:44 pm

Code: Select all

main()
{
  dyn_string ds_UserName, ds_Password;
  // get username and password
  dpGet("_Users.UserName", ds_UserName,
        "_Users.Password", ds_Password);
  int ret = dynContains(ds_UserName, "root");
  if (ret > 0)
  {
    // set password for user
    ds_Password[ret] = crypt("neue Passwort",3);
    // write back
    dpSet("_Users.Password", ds_Password);
  }
  else
  {
    DebugTN("can't find user");
  }
}

Post by **marcel.gay@wimag.ch** » Wed Apr 08, 2020 6:52 pm

Running perfect. Thank you !

Post by **leoknipp** » Fri Apr 10, 2020 8:53 am

If this solution with the dpSet() works depends on the version you are using.
In WinCC OA 3.17 the _Users datapoint has an _auth config which defines which users/managers are allowed to modify the dp elements.
This also applies to other internal datapoints.

You have to take this into account when trying to set internal datapoints.

Best Regards
Leopold Knipp
Senior Support Specialist

Bugs / Problems

ask/change passwort from ctrl

ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl

Re: ask/change passwort from ctrl