000014223 - How to reset the Oracle 10g admingui super user password for RSA Access Manager / RKM when the password is unknown

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 4

Article Content

Article Number: 000014223
Applies To: Oracle 10g Datastore
Oracle 10g
All Unix
RSA Access Manager 6.x admingui
RKM Server Appliance
Issue: AxM/RKM/Oracle 10g/how to reset the admingui super user password when the password is unknown
Unable to log in to http://myhost.mydomain.com:<7001|8080>/admingui, invalid credentials.
Admin account login information lost or forgotten
Resolution

 To correct this issue, you will need to manually interact with the datastore via the sqlplus command line interface.


Step 1, identify the oracle.user and oracle.password in the sql.conf


-Log in to the Unix server as the root account.
-cd to $CTHOME/conf; the default path on Unix is /opt/ctrust/server-60/conf
-vi sql.conf
-Locate the values for cleartrust.data.sql.server.oracle.user and cleartrust.data.sql.server.oracle.password.  If the sql.conf has not been
 heavily modified, the two directives will be adjacent to each other in the sql.conf and will look something like this:



 # This required parameter specifies the user account name that is used to
 # make the connection to the database.
 #
 # Allowed Values:
 #   A valid username.
 #
 cleartrust.data.sql.server.oracle.user:CT_OWNER


 # This required parameter specifies the password for the account specified by
 # .user above.
 #
 # Allowed Values:
 #   A valid password.
 #
 cleartrust.data.sql.server.oracle.password:oraclepassword


-Record the values of these two directives and exit vi.


Step 2, connect to oracle and modify the table for the admin account


-Switch user to the oracle account:
  # su - oracle
-Now connect to sqlplus as follows, using the values you pulled from the sql.conf. Use this syntax exactly, substituting ct_owner only with whatever other
 value you have listed for cleartrust.data.sql.server.oracle.user. When prompted for a password, enter the password you obtained from the sql.conf
 for cleartrust.data.sql.server.oracle.password (in this example, oraclepassword).


      # sqlplus ct_owner@$ORACLE_SID


 SQL*Plus: Release 10.2.0.4.0 - Production on Tue Jul 21 13:07:33 2009
 Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
 Enter password:


 It will respond with:


 Connected to:
 Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
 With the Partitioning, Oracle Label Security, OLAP, Data Mining Scoring Engine
 and Real Application Testing options


-Now, alter your admin account at the SQL> prompt as follows with this command:


      SQL> update password set password = 'attitash' where user_id = (select id from users where name='admin');


-it will respond with:


      1 row updated.


-Now, commit the change:


      SQL> commit;


-It will respond with:


       Commit complete.


-Now exit:


        SQL> exit


Step 3: Log in to admingui and change the password again so it will not be stored in cleartext.


-At this point, you should be able to log in to admingui successfully with the new password.
-You will, however, be required to change the password again, because
 modifying the password in this fashion does not re-encrypt the password with the default hash mechanism
 defined in sql.conf.
-Until the password is changed again in admingui, it is stored in cleartext.
-Therefore, locate the admin user and change the password again to re-encrypt it.
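
The Step 1 lookup can be scripted instead of reading sql.conf in vi. The following is an added example, not RSA code: the function names sqlconf_get and sqlconf_private are hypothetical, and the "name:value" layout with '#' comment lines is assumed from the excerpt in Step 1. It also checks that the file, which holds the database password in cleartext, is not accessible to group or other.

```shell
#!/bin/sh
# Added example (not RSA code). Layout assumed from the Step 1 excerpt:
# one "name:value" directive per line, '#' starts a comment line.

# sqlconf_get FILE KEY: print the value of the last uncommented "KEY:value" line.
# Exits non-zero if the directive is absent.
sqlconf_get() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)             # directives may be indented
            sub(/\r$/, "", line)                 # tolerate CRLF line endings
            if (index(line, key ":") == 1) {     # literal key, then the first colon
                val = substr(line, length(key) + 2)   # value may itself contain ":"
                found = 1
            }
        }
        END { if (!found) exit 1; print val }
    ' "$1"
}

# sqlconf_private FILE: succeed only if group and other have no permission bits.
sqlconf_private() {
    perms=$(ls -ld "$1" | cut -c5-10)            # group + other columns of the mode
    [ "$perms" = "------" ]
}

# Constructed sample file; the values are the placeholders used in this article.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
# cleartrust.data.sql.server.oracle.user:COMMENTED_OUT
cleartrust.data.sql.server.oracle.user:CT_OWNER
 cleartrust.data.sql.server.oracle.password:oraclepassword
EOF
chmod 600 "$SAMPLE"

# Print only the account name; sqlplus prompts for the password, so it never
# appears on the command line or in shell history.
db_user=$(sqlconf_get "$SAMPLE" cleartrust.data.sql.server.oracle.user)
echo "connect with: sqlplus ${db_user}@\$ORACLE_SID"
sqlconf_private "$SAMPLE" ||
    echo "warning: $SAMPLE holds a cleartext password and is open to group/other"
```

On a real server, pass $CTHOME/conf/sql.conf in place of the constructed sample.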

Notes: The same philosophy can be applied to an RKM appliance when the password is unknown.  See solution "How to log back in if I lost my Key Manager admin password?" for other information specific to RKM appliances to reset the password.
Legacy Article ID: a46759
