Layer7 Access Management

Expand all | Collapse all

Password for policy server user

Jump to Best Answer
  • 1.  Password for policy server user

    Posted 05-25-2017 02:31 AM

    Hi,

     

    I am getting alerts on my system to change the password for the user with which the processes on the policy server are running.

    I found the password for that user set under /etc/shadow file in encrypted format(not sure what kind of encryption).

    The user is used to restart the services running on the server, hence I want to check where else does the credentials for this user might be used on the policy server.

    Policy server is Solaris 11 64bit.

     

    Regards,

    Pankaj Sharma



  • 2.  Re: Password for policy server user
    Best Answer

    Posted 05-25-2017 03:49 AM

    Ideally, the password of the user that runs the policy server is not set.

     

    You should see this user in the /etc/passwd file having /sbin/nologin as bash environment if the password is not set.

     

    This ensures that this user will not be used to login to the system.

     

    However, you can also set a password for this user if you want to login with the policy server to interactively use shell.

     

    If you do not know the password, please check that the user has permission to run the policy server without password within sudo:

    sudo - smuser /opt/CA/siteminder/start-ps

     

    Note:

     

    You may need to check with your system admin as your query relates more to the system than siteminder.

     

    Thank you,

     

    Osarobo



  • 3.  Re: Password for policy server user

    Posted 06-07-2017 05:44 AM

    Hi Osarobo,

     

    Thanks for input.

    I tried executing the command provided, sudo - smuser /opt/CA/siteminder/start-ps  and was challenged for password, does that mean there is a password set for the account used to restart the service.

     

    I am trying to gather the information from the system perspective as well, and any input from your end will be helpful as well.

     

    Regards,

    Pankaj Sharma