Automic Workload Automation

Hello all,

I would like to use the password of the logged in User in my scripting. Is it even possible, if so please let me know how can I get this. I am able to get the User name using &$USER# variable but not sure how to retrieve its password. 

Thanks,
Srujan.

Hi,

You mean the password of a user's Automation Engine / UC4 account?

Sorry, but you can't. It's hashed, that's a one-way function (or at least that's the idea, until proven otherwise).

Best regards,
Carsten

Hi

I would know no method - this would be a security issue...
You could get the passwrd string out of DB but its encrypted so there is no use for that..

May I ask why you want to get the user's password?

cheers, Wolfgang

Thanks Carsten_Schmitz_7883 for the immediate response.

Yes, I have created a user object and the user is supposed to run a workflow which would require his/her password to proceed.  It's sad to know that we can't get this. However, Is there a chance to get it done if we sync the user with LDAP.

Thanks,
Srujan.

Nope.

BUT: you can use the script function GET_LOGIN (to extract the PW out of a LOGIN object)

Limitation: it does not work for OS users by default, for this you must declare a new login type in CLT 0 then it will work.

https://docs.automic.com/documentation/webhelp/english/ALL/components/AE/11.2/All%20Guides/help.htm#ucacxe.htm

cheers, Wolfgang

FrankMuffke I understand it could be a security issue. The use case is as follows.

In our Organization, each user will normally have their corresponding domain passwords for every Data Center and here the workflow needs the user's domain password in order to connect to our application DB, so instead of prompting the user to enter his password each time he runs, I felt that it would be great if we could get that password  from the system and use that for the DB connection automatically.

Hope you understand, if not please let me know.

Thanks,
Srujan.

Srujan Pathuri said:

password to proceed.  It's sad to know that we can't get this. However, Is there a chance to get it done if we sync the user with LDAP.

Any way to decode a hashed password would be a major security issue. That goes for the LDAP sync as well, in my view. It works (well, it should, and it probably does) by hashing the password the user types, and sending the hash to the LDAP server. So no, there's probably no way to get the password back that way, either.

You'd need to store the password in a reversible form in the first place to use the user's UC4 password in a job, but I sense that either way, you may be opening up security problems you may not fully be aware of.

You could possibly use a prompt to ask the user for his password as part of your UC4 job, then use the input from the user for your job. Though even then, I'd recommend to thoroughly consider the security implications.

Hth,
Carsten

Srujan Pathuri said:

Center and here the workflow needs the user's domain password in order to connect to our application

I thought that's what you want to do.

Wolfgang's suggestion of using custom login objects won't help you with this, because they don't contain the domain password, but different passwords you'd first have to put into it. Well, you could ask your users to put their domain passwords into a custom login object again, but that'd be a security nightmare, and they would not be in sync with the domain controller or DB, e.g. when passwords change.

I'd go with the prompt and ask users for their passwords each time. Security done right is inconvinient at times, that's unfortunately the nature of it.

Hi

Yeah I understand.

As Carsten suggested you could use a Promptset to get the PW from the user
or store all user credentials in a LOGIN object and use it as described above.

here you find a short example how to use get_login in an OS job
https://community.automic.com/discussion/comment/34890#Comment_34890

cheers, Wolfgang

Basically Carstens Solution is preferable!

Just only one disadvantage - if you use a Promptset with password option the password will be returned encrypted - or you use it in cleatext - then its not secure.In the first case you will have to use get_Login to decrypt the PW.

cheers, Wolfgang

Thanks FrankMuffke Carsten_Schmitz_7883

I have been doing the same of what you are suggesting me to do, its really working fine by prompting the user for his password and later decrypting that using Job Melder functions. No issue with this so far but I was just curious to know whether we could have any way to get the password from the system, which is now clear that would be a security issue. Anyways, will go with the existing script. :)

Thanks,
Srujan.