000028050 - AM 5.x  6.x - Set tokens specified in a text file into New PIN required mode

Document created by RSA Customer Support Employee on Jun 15, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028050
Applies ToAuthentication Manager version 6.1
ACE/Server version 5.2
IssueSet tokens specified in a text file into New PIN required mode
Would like to selectively set multiple tokens into new PIN required mode.
Resolution

A TCL script that sets all tokens specified in a text file (one token serial number per line) into new PIN required mode is available here (setnpm.tcl) 

NOTE:  The input file for setnpm.tcl can be created manually with any text editor.  Alternatively you can generate a list of all assigned tokens and then manually break up this list as desired.  A TCL script to write all assigned token serial numbers to a file is available here (list_all_assigned_tokens.tcl)

 


Steps to run a TCL script:

1) Download RSA script(s) from the above links.
2) Copy the script(s) to your Authentication Manager primary ACE_HOME/utils/tcl/bin directory.
3) UNIX/LINUX only:  execute the ACE_HOME/utils/admenv script to identify required environment variables for executing the tcl-sd TCL interpreter.  Set the environment variables as specified by admenv.
4) OPTIONAL to test your ability to successfully run the TCL interpreter:  from ACE_HOME/utils/tcl/bin execute   tcl-sd test.tcl
This generates a list of agent hosts on your system.
5) Below is an example run of the list_all_assigned_tokens.tcl script:  

AM_HOME/utils/tcl/BIN>./tcl-sd list_all_assigned_tokens.tcl

Connected User: Administrator on Host: vm010
listing all assigned tokens...

Wrote 5071 assigned token serial numbers to assigned_tokens.txt.
Done.

6) Prior to running the setnpm.tcl script, break the assigned_tokens.txt file generated in the previous step into separate files as desired.  In the example below a 23 serial number extract from assigned_tokens.txt was copied into file testlist.txt.  Below is an example run of the setnpm.tcl script (force new PIN mode for tokens in testlist.txt):

AM_HOME/utils/tcl/BIN>./tcl-sd setnpm.tcl testlist.txt

Connected User: Administrator on Host: vm010
Setting all tokens in testlist.txt to New PIN required...
Put token UPW000000102 into new PIN mode
Put token UPW000000103 into new PIN mode
Put token UPW000000104 into new PIN mode
Put token UPW000000130 into new PIN mode
Put token 000020735714 into new PIN mode
Put token 000020735715 into new PIN mode
Put token 000020735718 into new PIN mode
Put token 000020735719 into new PIN mode
Put token 000020735720 into new PIN mode
Put token 000020735721 into new PIN mode
Put token 000020735723 into new PIN mode
Put token 000020735724 into new PIN mode
Put token 000020735725 into new PIN mode
Put token 000020735726 into new PIN mode
Put token 000020735727 into new PIN mode
Put token 000020735728 into new PIN mode
Put token 000020735729 into new PIN mode
Put token 000020735739 into new PIN mode
Put token 000020735740 into new PIN mode
Error setting new PIN mode for 000020735741: Sd_NewPin Error Invalid authentication setting has been specified
Put token UPW000000171 into new PIN mode
Put token 000024657982 into new PIN mode
Put token 000024657984 into new PIN mode

Set 22 tokens into new PIN mode.
Done.  

NOTE:  The error in the above output is due to an attempt to set new PIN mode for a Tokencode-Only token. This does not adversely affect processing tokens with PINs.


Legacy Article IDa54317

Attachments

    Outcomes