4. | Substitute <OC_Admin_ID> and <OC_Admin_Password> with your correct values into the script shown below: STRG=`/opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password -u <OC_Admin_ID> -p <OC_Admin_Password>` # echo $STRG PGPASSWORD=`echo $STRG | cut -d' ' -f2` export PGPASSWORD # echo $PGPASSWORD . /opt/rsa/am/utils/rsaenv /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba |
..and copy and paste the amended script into the editor on your virtual appliance. Save the new shell script called SQL.sh. Uncommenting the echo lines in the script reveals the parameters allowing for troubleshooting (should it be needed). Example: rsaadmin@am81p:/opt/rsa/am/utils> ./SQL.sh com.rsa.db.dba.password: vDBh1Rb005S7nX9t304v8jy3eHFFGI vDBh1Rb005S7nX9t304v8jy3eHFFGI psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# |
|
7. | Now we can run SQL statements to review table information in the authentication manager database.. Substitute <token_serial_number> with the actual serial number of the token (including any leading zeros) e.g. 000233022518 Viewing a single token select id, serial_number, replacement_mode, replace_token_sn, tokenreplace_updated_date from rsa_rep.am_token where serial_number = '<token_serial_number>'; Example: rsaadmin@am81p:/opt/rsa/am/utils> ./SQL.sh psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# select id, serial_number, replacement_mode, replace_token_sn, tokenreplace_updated_date from rsa_rep.am_token where serial_number = '000233022518'; id | serial_number | replacement_mode | replace_token_sn | tokenreplace_updated_date ----------------------------------+---------------+------------------+------------------+--------------------------- 7e68e26f271c200a1c3746aa5b14ca94 | 000233022518 | 0 | | (1 row) db=# |
Updating a single token SQL : update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '<token_serial_number>'; Example: rsaadmin@am81p:/opt/rsa/am/utils> ./SQL.sh psql.bin (9.2.4) SSL connection (cipher: DHE-RSA-AES256-SHA, bits: 256) Type "help" for help. db=# update rsa_rep.am_token set replacement_mode = 0, replace_token_sn = null, tokenreplace_updated_date = null where serial_number = '000233022518'; UPDATE 1 db=# |
Exiting db=# Use the ?\q? sequence to return to the command line Example: db=# \q rsaadmin@am81p:/opt/rsa/am/utils> |
|
8. | Logon to the RSA Security Console with an administrative account and unassign the token from the user. RSA Security Console > Authentication > SecurID Tokens > Manage Existing ? search for the token in question using the token serial number (i.e. Serial Number contains <token_serial_number>) The token will become an unassigned, disabled token in the RSA Security Console in readiness to be assigned to a new user (or back to the same user as before). NOTE: software tokens need to be distributed after being assigned to a user. |