I can't access to the openCTI VM. I have followed this tutorial : https://www.notion.so/Virtual-machine-template-1789b4442b414dbf87f748db51c85aa5.
I launched the opencti-release-4.3.4.ova but this don't provide the credentials to lauch the VM. What are the login and the password ?
There is a little oversight of update in the documentation concerning the password :
login : opencti
password : opencti
Related
I'm connecting to an external Oracle Database with the example function that can be found here
const oracledb = require('oracledb');
const connection = await oracledb.getConnection(
{
user : "hr",
password : mypw, // mypw contains the hr schema password
connectString : "mydbmachine.example.com/orclpdb1"
}
);
So, as you can see, my credentials would be 'exposed' to everyone who can access the code (maybe github repository or something).
Is there any way of hiding my username and password or making them confidential, or I just shouldn't worry about it?
Note: I'm using the oracledb node module
You could use .env, and access to it with process.env.
check here: https://nodejs.org/dist/latest-v8.x/docs/api/process.html#process_process_env
Store your database secrets encrypted in Secrets Manager or Parameter Store and have your app read them at runtime. Be sure to update the IAM role that your app uses so that it has IAM permissions to retrieve the credentials.
Note: for certain databases, Secrets Manager supports auto-rotation of credentials.
Choices include:
prompt for the password at runtime
pass the password in an environment variable
use kerberos and then use 'external' authentication in node-oracledb. All this is configured and enabled in code layers below node-oracledb, see the Oracle Database Security Guide.
use an Oracle Wallet and then use 'external' authentication in node-oracledb.
I'm not able to use the secure vault to encrypt username and password in WSO# API Manager 2.6.0
I did the below config :
ran the ./ciphertool.sh -Dconfigure to start the ciphertool
gave the password to be encrypted
added it in carbon console at /_system/config/repository/
components/secure-vault location.
called in mediation as
<Password>{wso2:vault-lookup('AdminUser.Password')}</Password>
I got this error :
INFO - DefaultCryptoProviderComponent 'CryptoService.Secret' property has not been set. 'org.wso2.carbon.crypto.provider.SymmetricKeyInternalCryptoProvider' won't be registered as an internal crypto provider. Please set the secret if the provider needs to be registered.
We have mostly Linux users who login via Kerberos. But we also have a few (<50) users who use both Linux and Windows. This is supposed to grow in the future.
We would like to keep our User database on the Unix/Kerberos side.
But for some reason that eludes me I can not get it to work yet.
I did the following after reading some guides (domains anonymized):
1) Add the ADDC to /etc/krb5.conf on the linux KDC and Linux hosts
AD.DOMAIN = {
kdc = PDC.AD.DOMAIN
admin_server = PDC.AD.DOMAIN
default_domain = ad.domain
}
2) Add cross realm principals on the Linux side
addprinc -pw <longPW> -requires_preauth krbtgt#AD.DOMAIN
addprinc -pw <longPW> -requires_preauth krbtgt/LINUX.REALM#AD.DOMAIN
addprinc -pw <longPW> -requires_preauth krbtgt/AD.DOMAIN#LINUX.REALM
3) Add realm info via ksetup to Windows ADDC and other Windows machines
ksetup
default realm = ad.domain (NT Domain)
LINUX.REALM:
kdc = kdc.linux.realm
kpasswd = kdc.linux.realm
Realm Flags = 0x0No Realm Flags
Mapping all users (*) to a local account by the same name (*).
4) Add Two-Way trust on Windows side via
netdom trust /d:LINUX.REALM ad /add /PT:longPW /realm /twoway
Check returns
nltest /TRUSTED_DOMAINS
List of domain trusts:
0: LINUX.REALM (MIT) (Direct Outbound) (Direct Inbound) ( Attr: non-trans )
1: AD ad.domain (NT 5) (Forest Tree Root) (Primary Domain) (Native)
The command completed successfully
But also
netdom trust lst /d:LINUX.REALM /verify /KERBEROS /twoway
The command failed to complete successfully.
5) Add mapping to users
altSecurityIdentities for user ad\test shows kerberos: test#LINUX.REALM
I can login with ad\test (which is not what I want) but I can not log in as test#LINUX.REALM which is what I wanted
On the other hand:
kinit test#AD.DOMAIN
Password for test#AD.DOMAIN:
root#kdc:~# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: test#AD.DOMAIN
Valid starting Expires Service principal
21/07/2017 13:24 21/07/2017 23:24 krbtgt/AD.DOMAIN#AD.DOMAIN
renew until 22/07/2017 13:24
My problem:
I cannot login on the windows side with principals test#LINUX.REALM. As written in the topic we want the Linux Realm to be the account domain, not the AD, which should be possible as well, shouldn't it? We only want to have to handle account creation, deletion etc. in the Linux Realm, having the Windows Users log in with their Linux Account/Password.
What am I missing?
Doing
ksetup /addhosttorealmmap .dns.domain LINUX.REALM
on each windows client mostly fixed this problem.
I can now login with user#LINUX.REALM to the windows client with correct mapping.
I am trying to log into my B2C domain with a local global admin account.
I have tried creating three different accounts with different passwords and still get a incorrect username or password
Tried
Connect-MsolService
entered username and password
username is a "local" AD domain
so my my directory name is contosob2c.onmicrosoft.com
so user is bob.murray#contosob2c.onmicrosoft.com
password is easy to type and still get
Connect-MsolService : The user name or password is incorrect. Verify your user name, and then type your password again.
At line:1 char:1
+ Connect-MsolService
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Connect-MsolService], MicrosoftOnlineException
+ FullyQualifiedErrorId : 0x80048821,Microsoft.Online.Administration.Automation.ConnectMsolService
PS C:\WINDOWS\system32>
Tried multiple users, copied and pasted password from text file and logged into portal at same time and I still get the same error
Any help would be great as I am trying to enable groups through doc
t.co/krStaURSoF
Screenshot of login failure
I have just tried creating a brand new B2C tenant and in my new tenant i am having the exact same problem , i am creating my B2C tenant through the old portal, is this still a valid way to create B2C tenants ?
Saca's comment was correct i had an older verison of Connect-MSol Upgraded it , logged in fine and it all worked
Running Chef 12.5
CentOS Linux release 7.2.1511 (Core)
I created a new Chef user with these commands:
chef-server-ctl user-create test firstname lastname email#fake.com 'Passw0rd1!'
chef-server-ctl org-user-add myorg test
Added the user to the "users" group
Now in the GUI if I try to reset the user's key or password I get this error:
My account is an admin.
How do I reset a this user's password and key?
OK so I can login as the user and reset its key. But why can't an admin do that? I thought Chef admins had access to Delete,Grant,Read,Update all Chef objects?
If a user has lost their password you can change it via command line on the server with an admin user.
chef-server-ctl password test
This will prompt you to enter and confirm a new password. Give this to your user and let them manage their own key and password.