Our customer demands that all users of the sytem, also devellopers who work with the Gedi, are asked to renew their password after an expiration time.
For the main users of the application we already managed to do so in the loginpanel of the project, but we can't find where the user validation is done when starting the Gedi.
Can somebody tell us where to chech the password expiration when starting the Gedi, or is this in the encrypted code.
Renew Gedi password (root) after expiration time
- ArdMolenaar
- Posts:7
- Joined: Mon Mar 05, 2012 2:33 pm
Renew Gedi password (root) after expiration time
- kilianvp
- Posts:443
- Joined: Fri Jan 16, 2015 10:29 am
Re: Renew Gedi password (root) after expiration time
Its not possible the password dialog is not a normal panel
- jmad
- Posts:14
- Joined: Fri Sep 29, 2017 8:37 am
Re: Renew Gedi password (root) after expiration time
One opportunity from WinCC OA 3.16 on is to enable the project (even when doing engineering) for server side authentication. When doing so, each UI (including GEDI) requires a login which is then done by the common login framework.
For enabling server side authentication please refer to online help section Special Functions --> Security --> Authentication --> Server-side Authentication for UI Managers
BR. Jorgen Mad
For enabling server side authentication please refer to online help section Special Functions --> Security --> Authentication --> Server-side Authentication for UI Managers
BR. Jorgen Mad
- leoknipp
- Posts:2928
- Joined: Tue Aug 24, 2010 7:28 pm
Re: Renew Gedi password (root) after expiration time
There is no need to use exactly the "root" user in GEDI.
Instead of using the "root" user for the configuration (GEDI, PARA) you can also use a "normal" user which has the required permissions.
Best Regards
Leopold Knipp
Senior Support Specialist
Instead of using the "root" user for the configuration (GEDI, PARA) you can also use a "normal" user which has the required permissions.
Best Regards
Leopold Knipp
Senior Support Specialist
- Gertjan van Schijndel
- Posts:634
- Joined: Mon Aug 02, 2010 10:37 am
Re: Renew Gedi password (root) after expiration time
You could start the gedi without logging in (with '-user :') and start a login panel from a gedi extension script (for example: /scripts/gedi/login_ext.ctl).
- ArdMolenaar
- Posts:7
- Joined: Mon Mar 05, 2012 2:33 pm
Re: Renew Gedi password (root) after expiration time
Thx all for your reply,
Hi Gertjan, i think your solution is the most useful.
In the extention script I now check the exipration date of the current user's password and if expired a new UI to a "change password" panel is openend and the GEDI is closed.
Hi Gertjan, i think your solution is the most useful.
In the extention script I now check the exipration date of the current user's password and if expired a new UI to a "change password" panel is openend and the GEDI is closed.
- leoknipp
- Posts:2928
- Joined: Tue Aug 24, 2010 7:28 pm
Re: Renew Gedi password (root) after expiration time
For your application you have to take into account that if someone is changing the password for the "root" user the other users cannot log on with the "root" user as long the changed password is not shared.
Therefore it still might be the better solution that every user logs on with his own account instead of using the "root" user.
Best Regards
Leopold Knipp
Senior Support Specialist
Therefore it still might be the better solution that every user logs on with his own account instead of using the "root" user.
Best Regards
Leopold Knipp
Senior Support Specialist
- ArdMolenaar
- Posts:7
- Joined: Mon Mar 05, 2012 2:33 pm
Re: Renew Gedi password (root) after expiration time
That's true and that's already how we do it. I mentioned root because it's the deafault login for the GEDI. In our case root user will be disabled.