Layer7 API Management

  • Private Community

  • 1.  Update userpwd

    Posted Aug 09, 2018 09:51 AM

    Hi THere,

    I have created a user with Admin rights named xyz@test.com using internal identity provider via policy manager, and i want to update this password directly in the DB could you please let me know how could I perform it?



  • 2.  Re: Update userpwd

    Broadcom Employee
    Posted Aug 09, 2018 09:54 AM

    Hi Sharath,

     

    Can I ask why you want to update this directly in the DB as opposed to using the policy manager to do so?

    It is not advisable to directly makes updates to the DB. Additionally, the passwords are encrypted. 

     

    If it is just an issue of a forgotten password you can follow this to reset it to 'password' so you can log in and change it.

    Reset the credentials for the default Policy Manag - CA Knowledge 

     

    Regards,

    Joe



  • 3.  Re: Update userpwd

    Posted Aug 09, 2018 08:42 PM

    Is the following is the hash of the word password?

    $6$S7Z3HcudYNsObgs8$SjwZ3xtCkSjXOK2vHfOVEg2dJES3cgvtIUdHbEN/KdCBXoI6uuPSbxTEwcH.av6lpcb1p6Lu.gFeIX04FBxiJ.



  • 4.  Re: Update userpwd

    Broadcom Employee
    Posted Aug 10, 2018 07:22 AM

    Yes, you are correct, that is the hash of the value 'password'.



  • 5.  Re: Update userpwd
    Best Answer

    Posted Aug 10, 2018 08:21 PM

    Hi Sharath,

     

    As Joe mentioned, it is not officially supported to change user passwords through the database directly. A few items for your consideration:

     

    • The passwords you place in there may not be hashed and would be plain-text, open to anyone who has access to the database. This would go strongly against any best practices when storing any kind of user credentials.

     

    • Unless access is strictly enforced and the SQL commands are run through say a script, the database is now open to manipulation which makes it far more error-prone. Since there is a lot of sensitive and critical data in the SSG database, we would highly discourage modifications of the database data directly for anything, unless specifically directed by a CA employee.

     

    • It's ultimately just very risky and would not be supported.

     

    If your use-case requires this though, then I'd at least like to strongly suggest that a database backup be done before any data manipulation. But if it's not a requirement, I definitely encourage following the standard documented processes for updating the user credentials in the Internal Identity Provider.



  • 6.  Re: Update userpwd

    Posted Aug 12, 2018 09:07 PM

    Thanks will comply as recommended.



  • 7.  Re: Update userpwd

    Broadcom Employee
    Posted Aug 09, 2018 10:22 PM

    Dear SHARATH YERAMALLA ,

    If you're thinking reset the password with script, you might use restman interface.

    curl -X PUT -k -H 'Content-Type: application/xml' -u <username:password for basic authentication> 'https://<your gateway:port>/restman/1.0/users/{userid}/password' --data <plain password>

     

    for example,

    curl -X PUT -k -H 'Content-Type: application/xml' -u admin:7layer 'https://localhost:9443/restman/1.0/users/1e0fa5409572c6b31cb6c9884eb6ec3a/password' --data mark123

     

    Regards,

    Mark



  • 8.  Re: Update userpwd

    Broadcom Employee
    Posted Aug 12, 2018 09:08 PM

    Dear SHARATH YERAMALLA ,

    As the same reason mentioned by DustinDauncey above, I strongly recommend you not to make change on the ssg database directly.

    Please think of resetting password on policy manager, or via restman interface.

     

    Regards,

    Mark