Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
7_ranjan_7 Trusted Contributor.
Trusted Contributor.
423 views

ESM user creation with never expire credentials

Jump to solution

HI,

I want to create a ESM user with never expire Credentials. 

Please suggest how can made it.

0 Likes
1 Solution

Accepted Solutions
Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: ESM user creation with never expire credentials

Jump to solution

@7_ranjan_7 

pls open the server.properties file with you favourite editor

add a new line that contains

auth.password.age.exclude=username1,username2


where username1/username 2 are the usernames (the login name) of the accounts that should not expire.
save the server.properties, and restart arcsight manager (/etc/init.d/arcsight_services stop manager && /etc/init.d/arcsight_services start manager). Ohterwise this change will not be recognized by ESM.

 

Cheers

A

View solution in original post

0 Likes
4 Replies
Knowledge Partner
Knowledge Partner

Re: ESM user creation with never expire credentials

Jump to solution

Hello,

 

this is your answer from Micro Focus ESM Administrator's Guide:

Password Uniqueness


In some environments, it is also desirable that no two users use the same password. To enable a check
that ensures this, the following server.properties key can be used:
auth.password.unique=false
If set to true, the Manager checks all other passwords to make sure nobody is already using the same
password.

Note: This feature may not be appropriate for some environments as it allows valid users of the
system to guess other user’s passwords.

Setting Password Expiration

The Manager can be set up to expire passwords after a certain number of days, forcing users to choose
new passwords regularly. This option is controlled by the following key in server.properties:
auth.password.age=60
By default, a password expires 60 days from the day it is set.
When this setting is used, however, some problems arise for user accounts that are used for automated
log in, such as the user accounts used for Manager Forwarding Connectors. These user accounts can be
excluded from password expiration using the following key in server.properties:
auth.password.age.exclude=username1,username2
This value is a comma-separated list of user names. The passwords of these users never expire.
The Manager can also keep a history of a user’s passwords to make sure that passwords are not reused.
The number of last passwords to keep is specified using the following key in server.properties:
auth.password.different.min=1
By default, this key is set to check only the last password (value = 1). You can change this key to keep up
to last 20 passwords.

for more information you can take a look on this document that is part of ESM version 7.0P1 : https://community.microfocus.com/t5/ESM-and-ESM-Express/Micro-Focus-Security-ArcSight-ESM-Administrator-s-Guide/ta-p/1661005

 

Best Regards,

 

Daniel

7_ranjan_7 Trusted Contributor.
Trusted Contributor.

Re: ESM user creation with never expire credentials

Jump to solution

Hi Daniel,

Thanks for reply. 

I have searched the server.properties file but, I didn't find the field name "auth.password.unique". 

Do I need to add this field or something else?

Ranjan

0 Likes
Knowledge Partner
Knowledge Partner

Re: ESM user creation with never expire credentials

Jump to solution

Hello,

 

this parameter and the descrive of it can be found in server.defaults.properties, take a look :

......

# Whether or not passwords must be unique. If set to true, no user can have the
# same password as another user.
#
# WARNING: If this property is set to true, authenticated users can try to guess
# other user's passwords. ArcSight does not recommend using this feature.
auth.password.unique=false

.........

As you seen this is serv for other purpose then you need.

Also, please do not modify any parameter directly in server.defaults.properties file.

The only recomanded way to modify the value of any parameter is to use server.properties file.

 

Best Regards,

Daniel

Highlighted
Knowledge Partner Knowledge Partner
Knowledge Partner

Re: ESM user creation with never expire credentials

Jump to solution

@7_ranjan_7 

pls open the server.properties file with you favourite editor

add a new line that contains

auth.password.age.exclude=username1,username2


where username1/username 2 are the usernames (the login name) of the accounts that should not expire.
save the server.properties, and restart arcsight manager (/etc/init.d/arcsight_services stop manager && /etc/init.d/arcsight_services start manager). Ohterwise this change will not be recognized by ESM.

 

Cheers

A

View solution in original post

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.