How to recover the user id or password of a read only database user from RSA Authentication Manager 8.x
Originally Published: 2019-03-08
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
- How to recover userid or password of a read-only database user from RSA Authentication Manager 8.x when it is unknown or lost.
- Customer has created a user for read-only access of RSA Authentication Manager database earlier but userid is now unavailable.
- Customer does not remember the password of the read-only database user which was created earlier.
Resolution
Steps:
- Enable Secure Shell on the Appliance following Enable Secure shell on the RSA Authentication Manager appliance.
- Logon to the primary Authentication Manager 8.x server via SSH as the rsaadmin user.
Note that during Quick Setup another username may have been selected. Use that username to login. - Navigate to /opt/rsa/am/utils.
- Run the command: ./rsautil manage-secrets -a listall to list parameters
- When prompted, enter the Operations Console administrator's name and password to list the available read-only database users
login as: rsaadmin Using keyboard-interactive authentication. Password: <enter operating system password> Last login: Mon Jan 9 13:07:55 2017 from jumphost.vcloud.local RSA Authentication Manager Installation Directory: /opt/rsa/am rsaadmin@am8xp:~> cd /opt/rsa/am/utils rsaadmin@am8xp:/opt/rsa/am/utils> ./rsautil manage-secrets -a listall Please enter OC Administrator username: <enter Operations Console administrator name> Please enter OC Administrator password: <enter Operations Console administrator password>
- The output after running the above command successfully prints several values list to the screen.
- Refer to the documented keys listed below for read-only database user information such as user ID, passwords and other properties that are set when the read-only database user is created.
Note: the passwords for the readonly.dbusers.x will be displayed in plain text.
Secrets stored in ./etc/systemfields.properties. com.rsa.am.readonly.dbusers ...........................: readonly.dbusers.1,readonly.dbusers.2 readonly.dbusers.1 ....................................: rdbuser readonly.dbusers.1.password ...........................: support1! readonly.dbusers.1.props ..............................: 192.168.2.175|255.255.255.0 readonly.dbusers.2 ....................................: rouser readonly.dbusers.2.password ...........................: Passwd01... readonly.dbusers.2.props ..............................: 192.168.2.102|255.255.255.255
Related Articles
AM 8.1: Cannot add or manage a user with user ID <UserID>. User IDs must be unique within a deployment. This user ID is al… Number of Views How to recover failed RSA Authentication Manager 8.x virtual appliance when the filesystem is stuck in read-only mode Number of Views User cannot change password with an error Read ONLY external database. Number of Views Read-only file system message for RSA Identity Governance & Lifecycle Number of Views Authentications failing after changing the directory password for the Directory User ID in the Identity Source Configurati… Number of Views
Trending Articles
RSA Authentication Manager Upgrade Process RSA Authentication Manager Patch Updates RSA SecurID Software Token 4.1.2 and 4.2.1 for Mac OS X displays: No token storage device was detected. Verify that the de… How to manipulate imported RSA SecurID Software Token(s) on an iPhone or iPad device RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows
Don't see what you're looking for?
