SecurID® Discussions

PrashantSingh1
Beginner

Service Account Password Complexity - Prod RSA

Hi Team,

 

A recent security audit has flagged up a non-compliant finding which will require a remediation on high priority due to its critical nature.

 

The passwords for the below accounts should meet the complexity requirements as below.

 

If the password is set to never expire, the password length must be 20 characters and it must contain all four qualities, i.e. upper case characters, lower case characters, numeric and special characters.

| Name | Type | Description | Owner | Comments |
|---|---|---|---|---|
| svcprd_sha_rsaldap | User | RSA LDAP | Atos | 10 Characters Password |

Please advise.

SrirangaPrasan1
Employee

Used a complex password such as P)g7dq)f%YbV~%8d/$%u (20 characters) having all four qualities, i.e. upper case characters, lower case characters, numeric and special characters.

Updated the password for the account used for Active Directory binding from the Operations Console and it works fine.

 

Let me know if that helps answer your query
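
The policy discussed in this thread (20 characters with all four character classes for a never-expiring service account), as an added example that is not part of any post here and not RSA tooling: a Python check plus a generator that draws from the OS CSPRNG. Treating 20 as a minimum and "special" as ASCII punctuation are assumptions, and the function names are hypothetical.

```python
import secrets
import string

MIN_LENGTH = 20  # length the audit requires (assumed here to be a minimum)
# Assumption: "special characters" means ASCII punctuation; narrow this set
# if the directory or a connecting application rejects some symbols.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "special": string.punctuation,
}
ALPHABET = "".join(CLASSES.values())


def missing_requirements(password, never_expires=True):
    """Return the list of unmet requirements (empty list means compliant)."""
    if not never_expires:
        return []  # the thread states a rule only for never-expiring passwords
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"length {len(password)} < {MIN_LENGTH}")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems


def generate_password(length=MIN_LENGTH):
    """Draw from the OS CSPRNG and retry until all four classes are present.

    Rejection sampling keeps every compliant password equally likely, unlike
    forcing one character of each class into fixed positions.
    """
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    # Constructed sample: a 10-character password, like the flagged account's.
    print(missing_requirements("Abcdef123!"))
    # Print only the length so the generated secret never lands in a log.
    print(len(generate_password()))
```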

PrashantSingh1
Beginner

Hi Prasanna,

 

Thanks for the update. I am scared: if I change to the complex password having all 4 qualities from the Operations Console, will it not break the existing setup, like the load balance web tier and RADIUS server, with all authentication going to Active Directory? Please let me know. Thanks.

0 Likes

Create a test user that has a 20-character password with the required complexity and ensure that user is available to RSA. Verify that the user is able to log in to the Self-Service Console with an LDAP password to rule out any issues.

PrashantSingh1
Beginner

Hi Prasanna,

 

Thanks for the update. Could you please share the steps for how we can test in the Self-Service Console whether the user is able to log in with an LDAP password? Thanks.

JayGuillette
Apprised Contributor

Prashant,

In the Security Console, under Setup - Self Service, there is a section for authentication methods to the Self-Service Console.

SC-Setup-SelfService_AuthMethoc.png

There you can set authentication methods for the Self-Service Console, including something like either Token or Password (either LDAP or a user created in the internal database). There is a similar setting for the Security Console.

 

When you access the Self Service console - 

https://am82p.vcloud.local:7004/console-selfservice/ 

You are presented with options to either log on or even request an account.

SSC.png

If you have configured a choice between Password and Passcode, when you enter your UserID, you will be prompted to select which choice you want to log on with.

SSC-choice.png

PrashantSingh1
Beginner

Thanks again Prasanna

 

How can we change the password for the account used for Active Directory binding from the Operations Console? Please share the steps.

0 Likes

If you change the AD or LDAP service account password in AD or LDAP, you reflect that change in the Identity Source Configuration in the Operations Console - Deployment Configuration.

OC-Deploy-IDSource-URL-Test2.png

PrashantSingh1
Beginner

Thanks Prasanna. One more thing: we have 1 primary RADIUS server and 2 replica servers. When changing the complex password from the Operations Console, will it update the primary RADIUS server only, or do we need to change the password for the primary and the 2 replica servers as well? If yes, please share the steps. Thanks in advance.

SrirangaPrasan1
Employee

The change is only to be made on the Primary RSA AM server.