000027929 - KB-1547 How to change default passwords on a Version 5&6 RSA Via L&G appliance?

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000027929
Applies To


This information applies to all versions for the Appliance user passwords.
It only applies to Pre-V7 JBoss servers.
Review the specific Application Version Documentation for guidance on changing database and application account passwords.

Product:  Aveksa ACM  aka  RSA IMG  aka RSA Via L&G

Issue

The ACM Installation Guide references being able to change customer provided database account passwords. Can I change these account passwords on an appliance?
Resolution

UNIX OS Login Accounts:


The default (and only) UNIX login accounts provided on an Aveksa Appliance are root, admin, and oracle. The passwords for these accounts can be updated as customers require, using the appropriate UNIX passwd command.


 



Pre 7.0:


Aveksa ACM Application Accounts: (Note: This information is now included in the Version Specific Installation guide.)


 


The default Aveksa Application accounts on an Appliance are: AVUSER, AVDWUSER and ACMDB. There is an additional account, PERFSTAT, that is created on an appliance, and is an optional account for remote databases where the end-user sets up the database. These accounts are used to access the Oracle instance and are referenced in the Aveksa_System.cfg file (unencrypted), in a JBoss login XML file (encrypted), and in the setDeployEnv.sh file used during UNIX user login (unencrypted). The steps required to change these passwords on an appliance are as follows:



1) Stop the Aveksa Server


2) Generate an encrypted password value for each password you wish to change. To do this, log into the appliance as the oracle user (this ensures that the environment is set up correctly), change your default directory to jboss and execute the java command shown below. Note that this java command line is quite long and is intended to be entered all on the same line. It is broken up into two lines (after the <enter space>) here, for ease of reading. The existing encrypted password is shown in the examples below. This would be replaced with the new encrypted password value generated by this command.



$ cd /home/oracle/jboss
$ java -cp lib/jboss-common.jar:lib/jboss-jmx.jar:server/default/lib/jbosssx.jar:server/default/lib/jboss-jca.jar <enter space>
org.jboss.resource.security.SecureIdentityLoginModule <unencrypted-password>



3a: To change the AVUSER password:


 


3a1. Update the AVEKSA_PASS setting in /home/oracle/Aveksa_System.cfg with the unencrypted password.


3a2. Update the occurrences (there could be more than one) of AVUSER passwords in /home/oracle/jboss/server/default/conf/login-config.xml with the encrypted value:


<module-option name="username">avuser</module-option>
<module-option name="password">-91f121c430503dd</module-option>


3a3. Change the Oracle database password for the Oracle user account, using sqlplus and logging in as a sysdba user:


sql> alter user AVUSER identified by <unencrypted-password>;


 


3a4. Update the setting for DB_PASS found in /home/oracle/setDeployEnv.sh, /home/admin/setDeployEnv.sh and /root/setDeployEnv.sh with the unencrypted value.


 



3b: To change the AVDWUSER password:


 


3b1. Update the AVEKSA_REPORTS_PASS setting in /home/oracle/Aveksa_System.cfg with the unencrypted password.



3b2. Update the occurrences (there could be more than one) of AVDWUSER password in /home/oracle/jboss/server/default/conf/login-config.xml with the encrypted value:


<module-option name="username">avdwuser</module-option>
<module-option name="password">-65b15de74b384b26</module-option>


 


3b3: Change the Oracle database password for the Oracle user account, using sqlplus and logging in as a sysdba user:


sql> alter user AVDWUSER identified by <unencrypted-password>;


 



3c: To change the ACMDB password:


 


3c1. Update the AVEKSA_REPORTS_PASS setting in /home/oracle/Aveksa_System.cfg with the unencrypted password.



3c2. Update the occurrences (there could be more than one) of ACMDB passwords in /home/oracle/jboss/server/default/conf/login-config.xml with the encrypted value:


<module-option name="username">acmdb</module-option>
<module-option name="password">-91f121c430503dd</module-option>



3c3. Change the Oracle database password for the Oracle user account, using sqlplus and logging in as a sysdba user:


sql> alter user ACMDB identified by <unencrypted-password>;



 


4d: To change the PERFSTAT password:


 


4d1. Update the AVEKSA_REPORTS_PASS setting in /home/oracle/Aveksa_System.cfg with the unencrypted password.



4d2. Update the occurrences (there could be more than one) of ACMDB passwords in /home/oracle/jboss/server/default/conf/login-config.xml with the encrypted value:


<module-option name="username">perfstat</module-option>
<module-option name="password">-91f121c430503dd</module-option>



4d3. Change the Oracle database password for the Oracle user account, using sqlplus and logging in as a sysdba user:


sql> alter user PERFSTAT identified by <unencrypted-password>;
 


5) Start the Aveksa Server
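
A check worth running before step 5, given here as an added example that is not part of the RSA article: it reads a login-config.xml, pairs each username option with the password option that follows it, and reports accounts whose occurrences disagree (one was missed) or that still carry an encoded value printed in this article. The function names and the sample fragment are assumptions; on the appliance, pass /home/oracle/jboss/server/default/conf/login-config.xml as the argument.

```shell
#!/bin/sh
# Added example; audit_login_config and sample_login_config are hypothetical names.
# Encoded values the KB article prints as the existing (pre-change) passwords.
KB_VALUES="-91f121c430503dd -65b15de74b384b26"

# Prints "<user> OK|UNCHANGED|MISMATCH" per account; returns 1 on any finding.
audit_login_config() {
    awk -v known="$KB_VALUES" '
    function body(line) {   # text between the module-option tags
        sub(/^[^>]*>/, "", line); sub(/<\/module-option>.*$/, "", line)
        return line
    }
    BEGIN { n = split(known, k, " "); for (i = 1; i <= n; i++) old[k[i]] = 1 }
    /<module-option name="username">/ { user = tolower(body($0)); next }
    /<module-option name="password">/ && user != "" {
        v = body($0)
        if (!((user, v) in seen)) { seen[user, v] = 1; distinct[user]++ }
        if (v in old) stale[user] = 1
        user = ""
    }
    END {
        for (u in distinct) {
            if (distinct[u] > 1)  { print u, "MISMATCH";  bad = 1 }  # missed occurrence
            else if (u in stale)  { print u, "UNCHANGED"; bad = 1 }  # still the KB value
            else                  { print u, "OK" }
        }
        exit bad + 0
    }' "$1"
}

# Constructed fragment: the non-KB encoded values below are made up.
sample_login_config() {
    cat <<'EOF'
<module-option name="username">avuser</module-option>
<module-option name="password">1a2b3c4d5e6f7a8b</module-option>
<module-option name="username">avuser</module-option>
<module-option name="password">-91f121c430503dd</module-option>
<module-option name="username">avdwuser</module-option>
<module-option name="password">-65b15de74b384b26</module-option>
<module-option name="username">acmdb</module-option>
<module-option name="password">7f6e5d4c3b2a1908</module-option>
<module-option name="username">acmdb</module-option>
<module-option name="password">7f6e5d4c3b2a1908</module-option>
EOF
}

tmp=$(mktemp) && sample_login_config > "$tmp"
audit_login_config "$tmp" || echo "finding(s) above: recheck step 3 before starting the server"
rm -f "$tmp"
```

The script assumes each module-option element sits on one line, as in the snippets above. The encoded value is produced with a key built into the JBoss class rather than a site secret, so keep login-config.xml as tightly permissioned as the files that hold the unencrypted passwords.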
