How can I reset the admin password in Datastax Opscenter? Will disabling and reenabling authentication in /etc/opscenter/opscenterd.conf do the trick? Will I lose any other data in the process?
I'm not aware of an official way to simply reset the admin password in OpsCenter. However, I do know of a "hacky" way to do it, if you're up for that (and if you have physical or ssh access to the server).
OpsCenter's user authentication is maintained in a SQLite database file named passwd.db, located in the root of your OpsCenter directory. The file is created once you enable user authentication in OpsCenter. Using sqlite3, you can open and manage this file:
$ sqlite3 passwd.db
SQLite version 3.8.5 2014-08-15 22:37:57
Enter ".help" for usage hints.
sqlite> PRAGMA table_info(users);
0|id|INTEGER|0||1
1|username|TEXT|0||0
2|password|TEXT|0||0
3|groupid|INTEGER|0||0
sqlite> SELECT * FROM users;
1|admin|8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918|1
Looking above, you can see the row for the "admin" user of a brand new install of OpsCenter 5.2.1 is the hash of:
8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
If you update the password field on the users table to that value, it should reset it back to the original:
UPDATE users
SET password='8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918'
WHERE username='admin';
I don't know if the passwords on different versions of OpsCenter use the same hash or not, but this should work if you're using OpsCenter 5.2.1. Otherwise, if you have a user in there that you do know the password to, you can (look up and) set the admin password to that hash, and then at least you'll know the password and be able to log in.
Turns out this was fairly simple. All I needed to do was stop OpsCenter, rename (or remove) passwd.db, and restart OpsCenter again. The daemon automatically creates a new password db file and sets the admin password to 'admin'.
Related
We are going to change cassandra setting from authenticator: AllowAllAuthentication to authenticator: PasswordAuthenticator
to enable role-based authentication. There will be two roles:
admin which is a superuser
read-only which is only allowed to read.
I would like to provide backward compatibility for users of the cassandra cluster. More specifically,
many users use
shell script that uses cqlsh
python cassandra package
php cassandra package
to only read data from cassandra. Currently they don't specify any username or password. Therefore
I would like to make read-only role some sort of a "default" role, i.e. if no username and password provided,
then the role is automatically set to read-only so the users can read data and thus clients don't need to change their code.
Is there a way to do this? I'm currently having trouble in the following two parts:
the default user is cassandra if there is no role / user specified in cqlsh. I did not find a way to set default user / role.
and for the default user cassandra, I still have to set a password for it.
Any suggestions would be appreciated! Thanks in advance.
I come from an oracle background, were I've done "sqlplus "/as sysdba"" for years. I like it because the O/S authenticates me. Now, there is something similar in Cassandra, but it isn't secure. Basically in your home directory there is a subdirectory called ".cassandra" (hidden). In that directory there is a file (if there isn't, create one) called "cqlshrc" (so ~/.cassandra/cqlshrc). That file you can add authentication information that will allow someone to log in by simply typing "cqlsh" without anything else (unless you're doing remote where you need "host" and "port"). The cqlshrc file has, among other things an authentication section that looks like this:
[authentication]
username = <your_user_name>
password = <your_password>
So you could simply put your desired username and password in that file and you're essentially able to connect without supplying your username and password (You could also run "cqlsh -u your_user_name" and it will find your password in your cqlshrc file as well).
You can see a few obvious issues here:
1) The password is in clear text
2) If you change the password you need to change the password in the cqlshrc file
I do not recommend you use the "cassandra" user for ANYTHING. In fact, I'd drop it. The reason is because the cassandra user does everything with CL=quorum. We found this out when investigating huge I/O requests coming from OpsCenter and our backup tool (as you can see, we use DSE). They were all using cassandra and pounding on the node(s) that had the cassandra authentication information. It's baked into the code apparently to have CL=quorum - kinda dumb. Anyway, the above is one way to have users log in with a specific user and not provide credentials making it pretty easy to switch.
Hope that helps
-Jim
Most of the online guides give advice how to alter the password of the default cassandra user and create another admin for better security. Is there any reason to keep cassandra role if another superuser is created and used for all purposes?
I created a new admin user:
CREATE ROLE priam WITH PASSWORD = 'somepass' AND LOGIN = true AND SUPERUSER = true;
and deleted the default one:
drop role cassandra;
Seems that everything still works :) or not?
The biggest problem with built-in cassandra user is that the QUORUM consistency level is used when accessing its data. This means, if you lose several nodes, you have a big chance not be able to login with this user if you want to perform some action.
You can leave the cassandra user, but you must change its password, and because it's still exist, it's an additional security risk.
So it's better to use a new super user and drop cassandra.
Here they say that you can also drop the account after you create another with superuser rights.
https://docs.datastax.com/en/dse/6.0/dse-admin/datastax_enterprise/security/Auth/secCreateRootAccount.html
also here:
https://www.allcode.com/remove-the-user-cassandra-from-datastaxapache-cassandra-installations/
I have username admin. But now I forget my password.I want to reset my password in blue prism. How to recover my password?
This isn't the official script distributed by Blue Prism (as #Jerry pointed out the existence of), but one I've used against several installations to force a reset of the password.
Blue Prism v6
This finds the user with the username admin and resets their password back to the original admin string. It will force a password change for admin on their next logon.
USE blueprism
UPDATE BPAPassword SET salt = '', hash = '208512264222772174181102151942010236531331277169151', type = 0
WHERE userid = (SELECT userid FROM BPAUser WHERE username = 'admin')
Blue Prism v5
This script will change every user in the environment's password back to admin, but will not force a password change on the next log in. There is likely a more elegant way to do this and target just the admin user, but unfortunately I no longer have access to a v5 schema to test this on.
USE blueprism
UPDATE BPAUser
SET password = '208512264222772174181102151942010236531331277169151'
As an alternative to the script solution, you can also manually update the BPAPassword table using SQL Server Object Explorer (built-in in Visual Studio) to reset password to admin as follows:
find the desired user in the BPAUser table and copy userid
find the row with same userid inside BPAPassword table
update following columns
type -> 0
salt -> ''
hash -> 208512264222772174181102151942010236531331277169151
You can reset the password by running a query in the MS SQL Database in which BluePrism stores everything it uses. As for what query that is, it looks like it depends on the version of BluePrism, per this page:
How can I reset my Blue Prism admin password?
If you forget your Blue Prism admin password and/or exceed the maximum number of allowed login attempts, then please contact support#blueprism.com for details on how to request the relevant admin password reset scripts.
We have several scripts which you can use to reset the password for the 'Admin' account. The script command is specific to the version of Blue Prism you are using.
Important: These scripts should only be run by a Database Administrator or someone who has an understanding of SQL.
If it is an enterprise level then, you need to raise ticket to IT team. They will reset the password and inform you.
If Blue Prism is installed on local machine with local database credentials then there is an trick to reset it.
Irrespective of the version, you can follow the same steps. As I have version 6. below screen shots are with respect to version 6. But the fundamental tasks will be the same.
Steps are as below:
As we know While installing Blue Prism on the system, It will ask for the connection. Considering the "Default connection" password needs to be reset. Follow the following steps:
Click on Blue Prism icon
Click on Configure link on login window below window will appear
Click on New Connection button. Following window will appear with default connection name. In my case it is connection2
As this steps need to be carried out on local machine, use the local database instance name as Database server and give name Database Name
Fill the required details, and click on Create Database. Once the Database created successfully, just ensure once again click on Test Connection and validate the connection establishment between Blue Prism and SQL Server
Note: In the SQL Database, database will be created with the name given in Database Name field
Open SQL Server Instance, you'll be finding the Database Name (value mentioned in field)created.
Navigate to Database Name --> Tables--> BPAPassword and hit the following query
Select * from BPAPassword. In the output table, salt and hash the main two column for which we are looking for.
Note: We're doing this, as we know when we install Blue Prism and try for login the initial username and password will be admin. As soon as, we login with the default credential it will ask for change password.
Blue prism will store all the values in encrypted mode in Database, So decryption of the values will be impossible as human.
As this is a new connection for Blue Prism, for this connection default password will be admin
Now, Copy the value of salt and hash.
Connect the database which is used for Default connection. And update the salt and hash column in BPAPAassword Table using the SQL Update statement for specific user.
Note: If you've multiple users then, goto BPAUser and find the user for which you need to reset the password.
NOTE: This will be carried out only on local machine. If it happened within organization please connect to IT team to password reset. Please do not create the database on the organization database server as it may affect the Blue Prism server which is configured already as per organization requirement
You can just enter admin as user and admin as password. Thereafter you are redirected to a window that will allow you to enter a new password.
I am new to couchDB world after installing its latest version I am getting login window. I don't know what is default username and password.
Thanks in advance!
To verify if you already have and admin user configured you should check the local.ini config file in CouchDB.
In macOS for default package it should be located here:
~/Library/Preferences/couchdb2-local.ini
Edit the local.ini and check if there is an [admins] section on it. Add an admin user or replace the existing password
[admins]
admin=<your-new-pass>
Restart couchdb, the pass will be hashed in the file and you can log in with the new admin user.
It's strange, but i've searched around for this source of configuration but couldnt find it out.
Im currently using opensuse 11.3 with postgresql 9.
Every postgresql command line that i issue will ask the current user password, like psql, createdb, dropdb, and i have to enter the password of the current user (which is postgres) to make it work.
Doing dropdb xxx && createdb xxx will ask the password twice.
Please show me the light !
Thank you :-)
EDIT
Actually im already running as a postgres user (a user in my linux), so i can psql without supplying the database password, but i still have to supply the password for the system user postgres.
So if the database has a user of dbuser, and im running psql as the postgres (linux user), a password for the linux user (postgres) will be asked, not the dbuser password.
You can create a ~/.pgpass file (%APPDATA%\postgresql\pgpass.conf on Windows) with a line in the following format:
hostname:port:database:username:password
See the documentation for details.
If you're on opensuse you should be able to create a .pgpass file by running:
echo "hostname:port:database:username:password" > ~/.pgpass
chmod 0600 ~/.pgpass
With all of the correct information of course.
if you have a .pgpass file setup to allow a certain user access to a certain database (let's call it "myprojectdb"), recall that creatdb and dropdb aren't really acting on "myprojectdb" despite the fact that you may be asking them to create and drop that db.
You'll most likely want to add postgres' internal tables to your pgpass permissions (postgres / templates). Also don't forget to add the --no-password option on both createdb and dropdb to ignore interactive prompts (note this will only work if the user specified with the -U option can modify the internal postgres tables)