Home
Extended ECM
API, SDK, REST and Web Services
Get password.log file
Srini_Venkat
We have LDAP Read Only synchronization and NT Authentication turned on. Is there a way I can still have a way of logging in as other users (create the password.log file in the \logs directory)?At present, in the LDAP synchronization settings under admin pages, under the New user password policy is set to "Hidden". If I change that to "Random", will that do it? Srini
Find more posts tagged with
Comments
Michael_Heisch_(sglcadmin12_-_(deleted))
if you have 2 servers e.g. a backend server.Configure this machine for Livelink login.You will be able to login with the credentials and the "hidden password" from the password.log file.You have to lock down this webserver, so nobody else is able to reach this website!!michael
Srini_Venkat
Hi Michael, Thanks for the reply. Where can I find the password.log file or the hidden password? It's not in the \logs directory.Srini
Appu_Nair
The password.log is a function of the DirSvcs Request Handler so it will get burnt on the computer where you are running the request.Also I would use this only to verify certain idiosyncracies and debugging routines.As such if you do this kind of "impersonation" it is tantamount to misuse as the livelink audit tables will record it as the poor user so please be considerate of that individual.
Appu_Nair
Correction Errata read 'computer' as the 'livelink server'.It sounded like I was saying it would get generated on the client where the browser is running.in taking Michael's example if you ran the reset passwords to hidden on the FE it will be under the logs of FE and if you ran it on BE it will be under the logs of BE.
Srini_Venkat
Can you provide some more detail on how exactly to get that password.log file to generate?I see the Reset Passwords options on two different screens under the Directory Services area. One is under the Reset User Passwords screen and the other one is under Configure Synchronization Sources > Edit Parameters screen.Which one should I update and how?See attached zip file with multiple screenshots.Thanks again.Srini
Appu_Nair
Unfortunately whatever I do I cannot seem to download and view your screen caps.What version of Livelink are you on.Regardless of the screen I beleive both should be doing the same thing.Starting with some version of livelink you are now able to add more than one syncronization source thereby multiple ldaps.the Reset Passwords on the syncronization would indicate that you are restting only that sosurce.I usually use the main link under directory services admin area and say Reset Passwords.This provides another screen asking you to confirm and to what method.I usually pick the one excludiing"Internal Users" and select the radio button to 'hidden' and rest it.At the end if you go to the logs of this server you should see password.log.Do practice this on dev system before doing anything on prod
Chris_Wagg
Message from Chris Wagg <
cwagg@opentext.com
> via eLink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">eLink
Even if you find the password.log file, you still are not going to be able to log in as that user. With Directory Services authentication enabled, this password can't be used to actually log in. You must use the user's domain login credentials. If the authentication request does not come in through remote_user (from the web server) then your login request will fail either with "invalid username/password" or "illegal act performed".
I would also echo a previous posters comments, logging in to a production system as some other user sounds like something that should not be taken lightly. I would think that this would, at minimum, be highly unethical.
If you need to be able to test permissions, etc, I would recommend creating a test user that you can try things with, rather than trying to log in as a user that you don't have a password for.
---------------------------------------
Chris Wagg
Principal Product Specialist
Escalations Support Team
Open Text Corporation
Ph: 800-540-7292
---------------------------------------
From:
eLink Discussion: Livelink Directory Services Discussion [mailto:directoryservices@elinkkc.opentext.com]
Sent:
Friday, June 19, 2009 2:31 PM
To:
eLink Recipient
Subject:
Unfortunately whatever I do I cannot seem to download and view your screen...
Unfortunately whatever I do I cannot seem to download and view your screen...
Posted by
anair@alitek.com
(Nair, Appu) on 2009/06/19 14:28
In reply to:
Thanks Appu
Posted by
sriniv@gen-probe.com
(Venkataramani, Srini) on 2009/06/18 18:05
Unfortunately whatever I do I cannot seem to download and view your screen caps.What version of Livelink are you on.Regardless of the screen I beleive both should be doing the same thing.Starting with some version of livelink you are now able to add more than one syncronization source thereby multiple ldaps.the Reset Passwords on the syncronization would indicate that you are restting only that sosurce.I usually use the main link under directory services admin area and say Reset Passwords.This provides another screen asking you to confirm and to what method.I usually pick the one excludiing
"Internal Users" and select the radio button to 'hidden' and rest it.At the end if you go to the logs of this server you should see password.log.Do practice this on dev system before doing anything on prod
Srini_Venkat
Hi Chris and Appu, Thanks for the information. I will resort to using test users.I would like to clarify and provide my thoughts on this issue though. I've used this method in the past to view what a user sees and to confirm error messages etc. Of course, such logins were done only with user approval and documentation via Email or within a workflow (with a comment, Etc.) that is being viewed. Simply put, this feature is a HUGE time saver when troubleshooting and I know at least a few companies/consultants that use this approach.Perhaps it would help to understand what the purpose of the password.log file is at all if it stands to compromise system integrity?Thanks,Srini
Chris_Wagg
Message from Chris Wagg <
cwagg@opentext.com
> via eLink
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">eLink
The passwords.log file is used so that if you are resetting passwords to random, you can use mail merge to send people their updated passwords. I believe that resetting the passwords to hidden generates this as well, though I am not sure why we would do that (this may be who you are not able to find the file).
---------------------------------------
Chris Wagg
Principal Product Specialist
Escalations Support Team
Open Text Corporation
Ph: 800-540-7292
---------------------------------------
From:
eLink Discussion: Livelink Directory Services Discussion [mailto:directoryservices@elinkkc.opentext.com]
Sent:
Friday, June 19, 2009 3:14 PM
To:
eLink Recipient
Subject:
Hi Chris and Appu,
Hi Chris and Appu,
Posted by
sriniv@gen-probe.com
(Venkataramani, Srini) on 2009/06/19 15:12
In reply to:
re get password.log file
Posted by
cwagg
(Wagg, Chris) on 2009/06/19 14:58
Hi Chris and Appu,
Thanks for the information. I will resort to using test users.
I would like to clarify and provide my thoughts on this issue though. I've used this method in the past to view what a user sees and to confirm error messages etc. Of course, such logins were done only with user approval and documentation via Email or within a workflow (with a comment, Etc.) that is being viewed. Simply put, this feature is a HUGE time saver when troubleshooting and I know at least a few companies/consultants that use this approach.
Perhaps it would help to understand what the purpose of the password.log file is at all if it stands to compromise system integrity?
Thanks,
Srini
Appu_Nair
workflow debugging should really be done with a dummy user that you should request created in AD and made a livelink user.So if a workflow step user complains of a problem and it is repeatable then you can add this dummy user added to the same workflow group and you can debug.The password.log file converts all userid's in kuaf to an encrypted hash password.Typically the time one changes that is when the userid has changed in ad.I am 'anair' presently and in some contorted fashion the AD admins have decided that now they want to rename 'anair' to 'appunair' .naturally in livelink I would like to have access to my old id "anair" files (i do not want to transfer all my stuff to my new ID) but would like to be logged in as "appunair" so this is acheived by running the "Reset Passwords" to hidden or by adding a key called I beleive HidePasswords=true.If I was adminstering a 30000 user system it will be a while before I would get that all done so usually the HidePasswords works faster.Not sure if these things are current anymore as I am saying these primarily from my memory
Srini_Venkat
Thanks again for the clarifications.Srini
