000037240 - How to recover the user id or password of a read only database user from RSA Authentication Manager 8.x

Document created by RSA Customer Support Employee on Jun 5, 2019
Version 1

Article Content

Article Number: 000037240
Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
  • How to recover the user ID or password of a read-only database user from RSA Authentication Manager 8.x when it is unknown or lost.
  • The customer previously created a user for read-only access to the RSA Authentication Manager database, but the user ID is now unavailable.
  • The customer does not remember the password of the read-only database user that was created earlier.
Resolution
Steps:
  1. Enable Secure shell on the RSA Authentication Manager appliance.
  2. Log on to the primary Authentication Manager 8.x server via SSH as the rsaadmin user.

Note that during Quick Setup another user name may have been selected. Use that user name to log in.



  3. Navigate to /opt/rsa/am/utils.
  4. Run the command ./rsautil manage-secrets -a listall to list parameters.
  5. When prompted, enter the Operations Console administrator's name and password to list the available read-only database users.


login as: rsaadmin
Using keyboard-interactive authentication.
Password: <enter operating system password>
Last login: Mon Jan  9 13:07:55 2017 from jumphost.vcloud.local
RSA Authentication Manager Installation Directory: /opt/rsa/am
rsaadmin@am8xp:~> cd /opt/rsa/am/utils
rsaadmin@am8xp:/opt/rsa/am/utils> ./rsautil manage-secrets -a listall
Please enter OC Administrator username: <enter Operations Console administrator name>
Please enter OC Administrator password: <enter Operations Console administrator password>


  6. After the above command runs successfully, it prints a list of several values to the screen.
  7. Refer to the documented keys listed below for read-only database user information such as user IDs, passwords and other properties that are set when the read-only database user is created.

Note that the passwords for the readonly.dbusers.x will be displayed in plain text.




Secrets stored in ./etc/systemfields.properties.

com.rsa.am.readonly.dbusers ...........................: readonly.dbusers.1,readonly.dbusers.2
readonly.dbusers.1 ....................................: rdbuser
readonly.dbusers.1.password ...........................: support1!
readonly.dbusers.1.props ..............................: 192.168.2.175|255.255.255.0
readonly.dbusers.2 ....................................: rouser
readonly.dbusers.2.password ...........................: Passwd01...
readonly.dbusers.2.props ..............................: 192.168.2.102|255.255.255.255
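
An added example (not RSA's code and not part of the original article): a shell function that reads text in the listing format shown above on standard input and prints one summary line per read-only database user without echoing any password value, so the result can be pasted into a ticket or change record. The function names and all sample values are constructed for illustration.

```shell
# Added example: summarise the readonly.dbusers.* keys from listing text on
# stdin, never printing a password value. Function names are hypothetical.
summarize_readonly_dbusers() {
    awk '
    {
        # Lines look like "<key> .....: <value>"; split at the first dot run.
        line = $0 " "
        if (!match(line, / [.]+: /)) next
        key = substr(line, 1, RSTART - 1)
        val = substr(line, RSTART + RLENGTH)
        sub(/[ \t\r]+$/, "", val)
        if (key == "com.rsa.am.readonly.dbusers") slots = val
        else if (key ~ /^readonly[.]dbusers[.][0-9]+$/) user[key] = val
        else if (key ~ /^readonly[.]dbusers[.][0-9]+[.]props$/) {
            sub(/[.]props$/, "", key); props[key] = val
        } else if (key ~ /^readonly[.]dbusers[.][0-9]+[.]password$/) {
            sub(/[.]password$/, "", key); haspw[key] = (val != "")
        }
    }
    END {
        # The index key lists the slots; report each one, flagging gaps.
        n = split(slots, s, ",")
        for (i = 1; i <= n; i++) {
            k = s[i]
            printf "%s user=%s props=%s password=%s\n", k,
                ((k in user) ? user[k] : "<missing>"),
                ((k in props) ? props[k] : "<missing>"),
                (haspw[k] ? "[REDACTED]" : "<not set>")
        }
    }'
}

# Constructed sample in the same layout as the listing (values are not real).
sample_listing() {
    cat <<'EOF'
Secrets stored in ./etc/systemfields.properties.

com.rsa.am.readonly.dbusers ...........................: readonly.dbusers.1,readonly.dbusers.2
readonly.dbusers.1 ....................................: rouser1
readonly.dbusers.1.password ...........................: Constructed-pw...
readonly.dbusers.1.props ..............................: 192.0.2.10|255.255.255.255
readonly.dbusers.2 ....................................: rouser2
readonly.dbusers.2.props ..............................: 192.0.2.0|255.255.255.0
EOF
}

sample_listing | summarize_readonly_dbusers
```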
