TAA Tools
RTVMSKPWD       RETRIEVE MASKED PASSWORD               TAASEGQ

The  Retrieve  Masked  Password tool  provides  a  command  to  mask  a
password  (CHGMSKPWD)  and  a command  to  retrieve  a masked  password
(RTVMSKPWD).   The password  is translated to  different characters and
the positions are  rearranged within  a 256 byte  field in the  MSKPWDP
file in TAASECURE.   The tool may  be used for a variety  of needs such
as batch functions that require a password.

The function could also be used if you wanted a menu option for an
end user that allows STRPASTHR (could also be TELNET). Rather than
prompting the command so that the user must enter a password, the
command could be invoked with the retrieved password already supplied.

For the best security, keying in the password interactively remains
the preferred choice.

A typical example where a password  is required in a batch function  is
with  the use  of FTP.    If you  have  a regular  FTP  job, you  might
consider packaging  the commands to  simplify the usage.   FTP requires
that  a user profile  and a password  be entered as  an FTP subcommand.
To provide  a  standard batch  function, you  typically  need a  source
member  which would  contain  the subcommands.    Attempting to  secure
this  source  member so  that  no one  could  see the  password  can be
difficult or impossible.

Instead of using FTP directly, a  better choice would be to use one  of
the TAA FTP front end commands:

            FTP2
            SAVSNDL
            SBMSAVSNDL
            RSTSNDL

The  TAA front  end commands  make it  much simpler  to use  FTP.   All
functions  needed including the  password are  specified as parameters.
The subcommands are  generated internally  and mask  the complexity  of
FTP.

A typical program to submit to batch would be:

            PGM
            SAVSNDL   LIB(aaa) RMTSYS(bbb) RMTUSER(ccc)
                        RMTPWD(ddd)
            ENDPGM

This would save  the specified library to  a save file and  transmit it
to  the remote system.   By default,  a save file  of the same  name as
the library would be placed in the TAAWORK library.

Instead  of hard  coding your  password for  the RMTPWD  parameter, you
would specify:

            PGM
            DCL       &PASSWORD *CHAR LEN(10)
            RTVMSKPWD PASSWORD(&PASSWORD)
            SAVSNDL   LIB(aaa) RMTSYS(bbb) RMTUSER(ccc)
                        RMTPWD(&PASSWORD)
            ENDPGM

By using RTVMSKPWD, the source may be seen by anyone without giving
your password away.

Because  the   SAVSNDL  command  specifies  the   RMTPWD  parameter  as
DSPINPUT(*NO),  the password  will not  appear in the  job log  even if
LOGCLPGM(*YES) is specified for the job.

To use  the RTVMSKPWD  command,  you must  have entered  the  CHGMSKPWD
command.  See the section on 'Getting started'.

Using RTVMSKPWD  is not  as safe  as system  passwords.  However,  when
using  a  TAA FTP  command,  the approach  is  considerably  safer than
storing a password in a source member.  See the later discussion.

Note that  the  same  approach  could  be  used  with  the  system  FTP
command, but  modifying a subcommand  would require  significantly more
work.

When a TAA FTP command is used in an interactive job, the subcommands
are generated into a file in QTEMP. The password does not appear in it.
If a TAA FTP command is used in batch, a spooled file of the
subcommands is output, but it does not contain the password.

You could make the approach more secure by having a unique profile on
the remote system that cannot be used for an interactive sign on. Such
a profile still works for FTP, because using FTP on the remote system
causes a batch job rather than an interactive session.

Valid passwords
---------------

Valid passwords must begin with A-Z  in the first character and be  A-Z
or 0-9  in the  2nd-10th characters.   Embedded  blanks are not  valid.
Note that the special characters # $ @ _ are not valid.

Up to 99 masked passwords per user may be entered. This allows the
same user to communicate with different systems where each system
potentially has a different user profile name and password.

The  masked passwords  must  match  the  intended password  use.    For
example, if  a TAA FTP command  is to be used, the  password must agree
with  what  is used  on  the remote  system,  but may  differ  from the
password on the source system.

Object only code for RPG programs
---------------------------------

Because the  algorithm  used  for masking  should  be secure,  the  RPG
source  for  CHGMSKPWD  and  RTVMSKPWD  is not  shipped  with  the  TAA
Productivity  Tools  product.   Only  the object  code is  part  of the
product.    You   may  request  the  source   by  contacting  the   TAA
Productivity Tools  owner if  you are  the technical  representative of
your organization.

Getting started
---------------

Any user may enter the CHGMSKPWD command.

            CHGMSKPWD   PASSWORD(xxx)

The PASSWORD value will not be seen when entered using the command
prompter, nor will the value appear in the job log.

The PWDNBR parameter  defaults to 1.   Entering a  PWDNBR value  allows
the storing  of up to  99 masked passwords  per user.   The appropriate
PWDNBR must be specified when RTVMSKPWD is used.

If no  record exists for  the user and  the PWDNBR value,  a new record
is added.

Each   time  CHGMSKPWD  is  used  with   the  same  PWDNBR  value,  the
corresponding record in  the MSKPWDP file  is significantly changed  in
the MSCHAR  field where the  password is masked.   This occurs  even if
the same password is entered.

To retrieve a masked password, use RTVMSKPWD in a CL program:

            DCL         &PWD *CHAR LEN(10)
             .
            RTVMSKPWD   PASSWORD(&PWD)

RTVMSKPWD  only operates  for the  current user  profile (you  can only
retrieve a  masked  password  for  your own  profile).    The  optional
PWDNBR parameter  defaults to  1 and allows  you to  retrieve up  to 99
masked passwords.

Maintaining the MSKPWDP file
----------------------------

The  MSKPWDP file  in TAASECURE  should  be periodically  maintained to
remove old records that  are no longer needed.   The MTNMSKPWD  command
is provided which  will delete old records  that have not been  used in
N days.

Note that  when a password is  added, the update date  (MSUPDD) and the
last used date (MSUSED) will be the same.

Writing a secure program
------------------------

The value retrieved by an RTV command will not appear in the job log
even if LOG(4 0 *SECLVL) is specified. You should avoid using a
retrieved password on a command such as SNDPGMMSG, since the message
text would then be written to the job log.

If  you use  the  password  on a  TAA  FTP front  end  command such  as
SAVSNDL, the password will not appear in the job log.

For  tight security, remove the observability  of the program that uses
RTVMSKPWD with the CHGPGM command:

             CHGPGM     PGM(xxx) RMVOBS(*ALL)
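As an added example (not part of the TAA Tools source), a complete CL
program that combines the points above: it retrieves a masked password
by PWDNBR, monitors for TAA9891, passes the value only to SAVSNDL
(whose RMTPWD is DSPINPUT(*NO)), clears the variable, and never places
it in message data. The parameter list, the *DEC LEN(2 0) declaration
for PWDNBR, and the RMTSYS/RMTUSER values are assumptions for the
example.

```cl
             /* Added example, not TAA's own code.  Assumed: caller       */
             /* passes the library and the masked password number;       */
             /* PWDNBR is declared as *DEC LEN(2 0); RMTSYSNAME and      */
             /* RMTUSRPRF are placeholders.                               */
             PGM        PARM(&LIB &PWDNBR)
             DCL        VAR(&LIB)      TYPE(*CHAR) LEN(10)
             DCL        VAR(&PWDNBR)   TYPE(*DEC)  LEN(2 0)
             DCL        VAR(&PASSWORD) TYPE(*CHAR) LEN(10) /* required LEN(10) */

             /* Retrieve the masked password stored for the current      */
             /* user profile and the requested PWDNBR                     */
             RTVMSKPWD  PWDNBR(&PWDNBR) PASSWORD(&PASSWORD)
             MONMSG     MSGID(TAA9891) EXEC(DO) /* no record for user/PWDNBR */
               SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                            MSGDTA('No masked password stored; run CHGMSKPWD')
             ENDDO

             /* RMTPWD is DSPINPUT(*NO), so the value stays out of the    */
             /* job log even when LOGCLPGM(*YES) is in effect             */
             SAVSNDL    LIB(&LIB) RMTSYS(RMTSYSNAME) RMTUSER(RMTUSRPRF) +
                          RMTPWD(&PASSWORD)
             MONMSG     MSGID(CPF0000 TAA0000) EXEC(GOTO CMDLBL(FAILED))

             CHGVAR     VAR(&PASSWORD) VALUE(' ') /* clear before return  */
             RETURN

             /* On failure, clear the password first and report only the  */
             /* library name; never put &PASSWORD in MSGDTA               */
 FAILED:     CHGVAR     VAR(&PASSWORD) VALUE(' ')
             SNDPGMMSG  MSGID(CPF9898) MSGF(QCPFMSG) MSGTYPE(*ESCAPE) +
                          MSGDTA('SAVSNDL failed for library' *BCAT &LIB)
             ENDPGM
```

After compiling, run CHGPGM PGM(xxx) RMVOBS(*ALL) on the program as the
section above describes, so the password cannot be read in debug.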

Security considerations
-----------------------

The MSKPWDP file in TAASECURE can be seen by any user with *ALLOBJ
special authority. Determining the user's password from the data in
the MSCHAR field would be very difficult, but not impossible.

The bigger exposure is a user who writes a program that retrieves a
password and then gets that program run under the user profile whose
password he wants, since RTVMSKPWD returns the masked password of
whichever profile the job is running under.

It is  recommended that  any programs  with RTVMSKPWD  be changed  with
CHGPGM RMVOBS(*ALL) to prevent debugging.

CHGMSKPWD escape messages you can monitor for
----------------------------------------------

None.  Escape messages from the functions the command is based on will
be re-sent.

RTVMSKPWD escape messages you can monitor for
----------------------------------------------

      TAA9891    No masked password exists for the user/PWDNBR

Escape messages from the functions the command is based on will be
re-sent.

MTNMSKPWD escape messages you can monitor for
----------------------------------------------

None.  Escape messages from the functions the command is based on will
be re-sent.

CHGMSKPWD Command parameters                          *CMD
----------------------------

   PASSWORD      The password to be masked.  It may be up to 10
                 characters in length and must begin with a letter
                 A-Z.  The 2nd-10th characters must be a letter A-Z
                 or a number 0-9.  Embedded blanks are not allowed.

                 Note  that the  special characters  #  $ @  _ are  not
                 valid.

                 If  no record exists  for the current  user and PWDNBR
                 value, a new  record is added to  the MSKPWDP file  in
                 TAASECURE.    If  a  record   already  exists,  it  is
                 changed.

   PWDNBR        The  password  number to  be  added or  changed.   The
                 default is 1.  A number from 1-99 may be entered.

RTVMSKPWD Command parameters                          *CMD
----------------------------

   PWDNBR        The password number to be  retrieved.  The default  is
                 1.   A  number from  1-99 may  be entered.   A  record
                 must exist  in the MSKPWDP  file in TAASECURE  for the
                 user and PWDNBR value.

   PASSWORD      The  password to be returned  for the current user and
                 PWDNBR value.    This  is a  required  parameter  that
                 must be specified as *CHAR LEN(10).

MTNMSKPWD Command parameters                          *CMD
----------------------------

   RTNDAYS       The number  of days to  retain records for  since they
                 have  last been used.   The  default is 1000  days.  A
                 value between 1 and 9999 may be entered.

Restrictions
------------

The RTVMSKPWD command may only be used in a CL program.

Because the algorithm used for masking should be secure, the tool is
shipped as object code only (no source is shipped) for the RPG programs.

Prerequisites
-------------

The following TAA Tools must be on your system:

     ABORT           Abort
     ADDDAT2         Add date
     CHKALLOBJ       Check *ALLOBJ special authority
     EDTVAR          Edit variable
     GENRANNBR       Generate random number
     RTVDAT          Retrieve date
     SNDCOMPMSG      Send completion message
     SNDESCINF       Send escape information
     SNDESCMSG       Send escape message
     SNDJLGMSG       Send job log message

Implementation
--------------

None, the tool is ready to use.

Objects used by the tool
------------------------

   Object        Type    Attribute      Src member    Src file
   ------        ----    ---------      ----------    ----------

   CHGMSKPWD     *CMD                   TAASEGQ       QATTCMD
   RTVMSKPWD     *CMD                   TAASEGQ2      QATTCMD
   MTNMSKPWD     *CMD                   TAASEGQ2      QATTCMD
   TAASEGQC      *PGM       CLP         TAASEGQC      QATTCL
   TAASEGQC2     *PGM       CLP         TAASEGQC2     QATTCL
   TAASEGQC3     *PGM       CLP         TAASEGQC3     QATTCL
   TAASEGQR      *PGM       RPG
   TAASEGQR2     *PGM       RPG
   TAASEGQP      *FILE      PF          TAASEGQP      QATTDDS

The  source  for  TAASEGQR  and  TAASEGQR2  is  not  shipped  with  the
product.

Structure
---------

CHGMSKPWD   Cmd
   TAASEGQC   CL pgm
     TAASEGQR   RPG Pgm - Object code only

RTVMSKPWD   Cmd
   TAASEGQC2  CL pgm
     TAASEGQR2  RPG Pgm - Object code only

MTNMSKPWD   Cmd
   TAASEGQC3  CL pgm

Added to TAA Productivity tools July 15, 2006
