first solution:
you do a "net user administrator"
and see when they last changed the local admin's password for you PC - just to have something they do against their policy.
You convince them that a local admin is much more danger (to the network; allows installation of any software) than a user
account who can do nothing with the computer except running as service (it doesn't even need interactive login privileges :)
That this is a mighty account in clearcase (and access to it is free for everyone who can modify config/cron via the disprun utility)
is something you need not tell them.
second solution:
it may be possible to change that login information via the registry in the HKLM/SYSTEM/CurrentControlSet/Services/Albd/Security
by copying new data there. but they are the NT people, ask them if this is the way to change the login info for a service.
And probably they also need to do this by a common login script for clearcase_albd.
Michael Schindler Configuration Manager
michael.schindler@philips.com
Sent by: owner-cciug@Rational.Com
To: cciug@Rational.Com@SMTP
edward.healey@intel.com@SMTP
cc:
Subject: RE: [cciug] Security!
Classification: Restricted
This may be a duplicate, I am not sure it got out.
If you change the password then you can rerun the siteprep program and
reinstall CC on the clients. This will update the password for the Atria
Location Broker service running on the client.
I have a question for everyone. I have been shutting down the location
broker and setting it to a "manual" start (clients only). This avoids the
whole problem of reconfiguring the clients and I have not seen any
detrimental effects. We are not using our clients as view or vob servers.
Does anyone see a problem with this?
Bruce Pratt
NSPW
Veridian Engineering
-----Original Message-----
From: owner-cciug@Rational.Com [mailto:owner-cciug@Rational.ComOn
Behalf Of Healey, Edward
Sent: Monday, February 07, 2000 6:06 PM
To: 'cciug@rational.com'
Subject: [cciug] Security!
Trouble in paradise!
Is this a true statement for ClearCase 3.2.1 on an NT 4.0 (service
pack 5) server?
The ClearCase application requires a generic user account for the
ALBD service.
(1) the ALDB password can not be reset without reconfiguring every
client, and no process exists today to do this
(2) the service is installed on the server and the clients, so log
on can not be restricted to the server (or a small group of systems) as is
required by current policy."
because of this...
The likelihood that an account has been compromised increases as the
time elapses, since the password was last set or changed increases. The
problem is compounded if the account owner leaves the group or company
My IT group is going to shut me down! They would have me change the
ALDB account password every month.
Is It possible to change 60+ users ALBD account password on the fly?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
This archive was generated by hypermail 2b29 : Sun May 06 2001 - 00:23:12 EDT