Default role  with password - reality check

Similar Messages

• SET ROLE WITH PASSWORD

  How can i to set role with password from a package ?
  the package dbms_session.set_role can set the password ?
  regards
  MDF

  Check this out.
  http://download-west.oracle.com/docs/cd/B14117_01/server.101/b10759/statements_10004.htm#sthref7302

• Default role with membership login

  I am creating a new instance of our portal. Right now, I have the login set to membership. If I create a new user, I get a serious desktop error. (error below)
  I noticed when I go into the admin this new user has no role assigned. How do I set it up so the user would get the look from default?
  09/17/2003 09:06:51:387 AM EDT: Thread[Thread-185,5,main]
  ERROR: JspRequestDispatcher:
  javax.servlet.ServletException: Problem processing JSP: /header.jsp
  at com.sun.portal.providers.jsp.JspRequestDispatcher.getJspResource(JspRequestDispatcher.ja
  a:164)
  at com.sun.portal.providers.jsp.JspRequestDispatcher.include(JspRequestDispatcher.java:97)
  at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:408)
  at jsps.etc._opt._SUNWps._desktop._iConnect._default_en_US._JSPTabContainer._html._tab_js
  ._jspService(_tab_jsp.java:85)
  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:692)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
  at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
  at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
  ainerProvider.java:535)
  at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
  ontext.java:367)
  at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
  :897)
  at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
  at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
  09/17/2003 09:06:51:402 AM EDT: Thread[Thread-185,5,main]
  ERROR: DesktopServlet.handleException()
  com.sun.portal.providers.ProviderException: JSPProvider.processJSPFile(): jsp=tab.jsp, java.lang.In
  exOutOfBoundsException: Index: 0, Size: 0
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:709)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
  at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
  at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
  ainerProvider.java:535)
  at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
  ontext.java:367)
  at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
  :897)
  at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
  at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)
  java.lang.IndexOutOfBoundsException: Index: 0, Size: 0
  at java.util.ArrayList.RangeCheck(ArrayList.java:486)
  at java.util.ArrayList.get(ArrayList.java:302)
  at com.sun.portal.desktop.util.SmartList.get(SmartList.java:132)
  at com.sun.portal.providers.containers.jsp.tab.util.TabData.getSelectedTabName(TabData.java
  157)
  at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getSelectedTabName(J
  PTabContainerProvider.java:344)
  at com.sun.portal.desktop.taglib.container.tab.GetSelectedTabNameTag.doStartTag(GetSelected
  abNameTag.java:21)
  at jsps.etc._opt._SUNWps._desktop._iConnect._default_en_US._JSPTabContainer._html._tab_js
  ._jspService(_tab_jsp.java:130)
  at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sun.portal.providers.jsp.JspServletWrapper.service(JspServletWrapper.java:182)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:692)
  at com.sun.portal.providers.jsp.JSPProvider.processJspFile(JSPProvider.java:672)
  at com.sun.portal.providers.jsp.JSPProvider.getContent(JSPProvider.java:471)
  at com.sun.portal.providers.containers.jsp.tab.JSPTabContainerProvider.getContent(JSPTabCon
  ainerProvider.java:535)
  at com.sun.portal.desktop.context.PSContainerProviderContext.getContent(PSContainerProvider
  ontext.java:367)
  at com.sun.portal.desktop.context.PSDesktopContext.getContent(PSDesktopContext.java:957)
  at com.sun.portal.desktop.DesktopServlet.doGetPost(DesktopServlet.java:493)
  at com.sun.portal.desktop.DesktopServlet.service(DesktopServlet.java:303)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.iplanet.server.http.servlet.NSServletRunner.invokeServletService(NSServletRunner.jav
  :897)
  at com.iplanet.server.http.servlet.WebApplication.service(WebApplication.java:1065)
  at com.iplanet.server.http.servlet.NSServletRunner.ServiceWebApp(NSServletRunner.java:959)

  It seems like "serious desktop error" is actually
  caused by header.jsp and has nothing to do
  with the fact that user has no roles assigned
  (which is the "default" role for new portal user)
  Cheers,
  Alex :-)

• Creation of BP with default role

  Hi ,
     I have a requiement where in I want a Business Partner to be created with a default role ,i.e CRM006. I can do this in GUI with the help of authorizations.
  But the same does not work in PCUI.
  My requirement is whenever a user creates a Business Partner, Role CRM006 automatically gets assigned to it.
  please sugest something.
  Help will be apreciated.
  Regards
  Sourabh Verma

  Hi PREMKUMAR LNS,
  you can easily implement BADI: BADI_CRM_BP_UIU_DEFAULTS
  IF_UIU_BP_DEFAULTS~GET_DEFAULT_VALUES
  and write something like this:
  assign cr_me->('TYPED_CONTEXT') to <typed_context>.
    if sy-subrc = 0.
      lr_typed_context ?= <typed_context>.
      if lr_typed_context is bound.
        assign lr_typed_context->('HEADER') to <context_node>.
        if sy-subrc = 0.
          try.
              lr_node            ?= <context_node>.
            catch cx_sy_move_cast_error.  "EC_NOHANDLER
          endtry.
          if lr_node is bound.
            lr_coll_wrapper ?= lr_node->collection_wrapper.
            if lr_coll_wrapper is bound.
              try.
                  lr_current ?= lr_coll_wrapper->get_current( ).
                  check lr_current is bound.
  controllo la tipologia di account
                  zbp_category = lr_current->get_property_as_string( 'BP_CATEGORY' ).
                 zbp_group    = lr_current->get_property_as_string( 'BP_GROUP' ).
                  if zbp_category = '1'.
                  elseif zbp_category = '2'.
                Set default role at creation to "Relation"
                     break domino.
                      zobp_category = lr_current->get_property_as_string( 'BP_ROLE' ).
                      if  zobp_category is initial.
  Here you are setting the default role   
                    lr_current->set_property( iv_attr_name = 'BP_ROLE'
                                     iv_value = 'BUP002' ).
                      endif.
                  else.
                  endif.
                catch cx_sy_move_cast_error.
              endtry.
            endif.
          endif.
        endif.
      endif.
    endif.

• Hi, I having trouble trying to connect to the wifi, I know the passwords and checked with others divises but with the mac os x 10.7.5  mac os x lino

  Hi, I having trouble trying to connect to the wifi, I know the passwords and checked with others divises but with the mac os x 10.7.5  mac os x lion is not working
  One of the wifi connections said "time out" or did not recongnise the password

  Hi andrea122,
  Thanks for visiting Apple Support Communities.
  If you're not able to connect to Wi-Fi on your iMac, the troubleshooting steps in this article can help:
  Wi-Fi: How to troubleshoot Wi-Fi connectivity
  http://support.apple.com/kb/HT4628
  Regards,
  Jeremy

• User Default Mappings attribute "role" with condition "OR"

  Hello,
  we are using GRC 5.3 SP 8.1.
  User default mappings with more than one "role" attribute and the condition "OR" don't seem to work. After provisioning no user parameters have changed in backend system. When I configure only one "role" with the condition "AND" everything works fine, request types are the same.
  Any suggestions?
  Thanks,
  Manuel

  Hallo Sirish,
  thanks for this helpful answer.
  In the note it says: "After upgrade from 5.2 to 5.3 SP08.1, the user defaults were not provisioned."
  So this error only occurs when upgraded from 5.2 to 5.3 SP8.1 or is it a gnerally bug in SP 8.1?
  I configured some new conditions in our test system and it worked. So in my opinion only the old configured user default mappings don't work because of the upgrade (???). I'm a little bit confused...
  Regards,
  Manuel Kunkel

• Log in with default username and password

  Is there a way to create a pdf so that it automatically logs in with a default username and password so that the user is not prompted upon opening?

  No, there is no way set a default user name and password, but as an alternative you can set your policy to be "Anonymous Access", meaning that there is no authentication (of the user) required to open the document, but you can still control (i.e. prevent printing) what the "anonymous" user can do to\with the document.
  Regards
  Steve

• Content area should be a white area/page with the first/default role

  Hi All,
  Pealse help me
  When user logs in to the Portal, content area should be a white area/page with the first/default role
  Thanks,
  Jyothi.

  hi,
  simple way, create a static HTML page with your company logo (or empty page) and upload to KM, assign it to existing Home role as a KM document iview that loads first.(make entry point - yes).
  assign the role to everyone group with property -sort priority 10 for role (low compared to all other roles)
  regards,
  mahesh.

• Reality check -Help with MBP 13' purchase

  Hello guys,
  I live in a country without Apple store, all information I get is from the Internet.Hopefully someone could help me. I would like to know if it is worth buying 2011 13' macbook pro I need reality check. I'm a photographer and I use Aperture and CS5 photoshop every day. Will it work smoothly on MBP 13' 2011 ??
  - I have 2006 15' MBP works very well, but a bug crawled into my LCD, and bugger died there nicely in the middle.
  I would like to have, good future proof machine that would last another 5 years.
  Core i5 or I7?  I can not afford large ssd ( I need min. 500GB ssd ). In many forums, people talk about redesign in late 2011 ..etc.
  Which model should i buy?

  I surprised nobody answered you yet. If your main goal is working with photography or photos, you should get the Macbook Pro 15" 2011 i7 model. The 13" MBP has a really low screen resolution compared to all other laptops these days 1200x800. The 15" model is 1440x900 in the stock configuration. The 13" does not have enough real estate on the screen to be useful for photo editing. Also, it lacks a discrete graphics card. You must rely solely on the Intel HD 3000 internal graphics.
  If you get either 15" model, the cheaper one has an AMD HD 6490m discrete card and the high end model has the AMD HD 6750m. You can still use the Intel HD 3000 to save battery life, but the 15" models give you more pixels on the screen and much better graphics processing.
  The new Intel HD 3000 is not bad, it is "good enough"... but "good enough" for now will be out of date "sooner than later". The 15 inch models provide much more flexibility and are much more future proof. I owned the original Core Duo Macbook in 2006 and it had the same 1280x800 resolution 5 years ago. It was never enough for serious work.
  Also you could consider the 2011 Macbook Air if you only care about price and don't want the discrete graphics card. There is a 13" model with 1440x900 resolution and it has the option for i7 and comes standard with a 128GB or 256GB SSD on the top model. All models except the lowest end have 4GB of RAM standard too.

• How do I stop  my mail from send out my e-mails with the mobile me acct instead of my default provider?  I have checked the "use only this server" in my provider account.

  How do I stop  my mail from send out my e-mails with the mobile me acct instead of my default provider?  I have checked the "use only this server" in my provider account.

  There is no such option/setting on an iPhone to determine this. Whether you can view the attachment has more to do with your connection, WiFi or cellular, and the size of the attachment than anything else. There will be a paperclip indicating the message includes an attachment regardless if downloaded with the message or not. When connected to the cellular network, if an attachment is below a designated size the attachment will be downloaded automatically. If over a certain size, you must select the attached file icon in the body of the message to download the attachment. The size limit varies by carrier/provider.
  Tell her you're gonna leave her out of the Will if she doesn't stop .

• How do I enable default failure audit and password policy checking?

  Hi,
  I am trying to install DPM 2012 R2, and on the requirements for SQL is : Use the following SQL Server settings:
  default failure audit, and enable password policy checking
  I have tried looking for them, but I can't find them.
  How do I apply these settings?
  Thanks .

  Hi,
  I am trying to install DPM 2012 R2, and on the requirements for SQL is : Use the following SQL Server settings:
  default failure audit, and enable password policy checking
  I have tried looking for them, but I can't find them.
  How do I apply these settings?
  Thanks .
  Simple way to enable login default failure audit is Right Click On SQL server instance in SQL Server management studio and select Properties then below page will occur. There are 2 options in Login auditing select appropriate one
  for enabling policy please refer below links
  Enforce windows password policy on SQL Server logins
  Password Policy FAQ
  Please mark this reply as answer if it solved your issue or vote as helpful if it helped so that other forum members can benefit from it.
  My TechNet Wiki Articles

• Pam.conf does not use ldap for password length check when changing passwd

  I have already posted this in the directory server forum but since it is to do with pam not using ldap I thought there might be some pam experts who check this forum.
  I have dsee 6.0 installed on a solaris 10 server (client).
  I have a solaris 9 server (server) set up to use ldap authentication.
  bash-2.05# cat /var/ldap/ldap_client_file
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_FILE_VERSION= 2.0
  NS_LDAP_SERVERS= X, Y
  NS_LDAP_SEARCH_BASEDN= dc=A,dc= B,dc= C
  NS_LDAP_AUTH= tls:simple
  NS_LDAP_SEARCH_REF= FALSE
  NS_LDAP_SEARCH_SCOPE= one
  NS_LDAP_SEARCH_TIME= 30
  NS_LDAP_SERVER_PREF= X.A.B.C, Y.A.B.C
  NS_LDAP_CACHETTL= 43200
  NS_LDAP_PROFILE= tls_profile
  NS_LDAP_CREDENTIAL_LEVEL= proxy
  NS_LDAP_SERVICE_SEARCH_DESC= passwd:ou=People,dc=A,dc=B,dc=com?one
  NS_LDAP_SERVICE_SEARCH_DESC= group:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_SERVICE_SEARCH_DESC= shadow:ou=People,dc=A,dc=B,dc=C?one
  NS_LDAP_BIND_TIME= 10
  bash-2.05# cat /var/ldap/ldap_client_cred
  # Do not edit this file manually; your changes will be lost.Please use ldapclient (1M) instead.
  NS_LDAP_BINDDN= cn=proxyagent,ou=profile,dc=A,dc=B,dc=C
  NS_LDAP_BINDPASSWD= {NS1}6ff7353e346f87a7
  bash-2.05# cat /etc/nsswitch.conf
  # /etc/nsswitch.ldap:
  # An example file that could be copied over to /etc/nsswitch.conf; it
  # uses LDAP in conjunction with files.
  # "hosts:" and "services:" in this file are used only if the
  # /etc/netconfig file has a "-" for nametoaddr_libs of "inet" transports.
  # the following two lines obviate the "+" entry in /etc/passwd and /etc/group.
  passwd: files ldap
  group: files ldap
  # consult /etc "files" only if ldap is down.
  hosts: files dns
  ipnodes: files
  # Uncomment the following line and comment out the above to resolve
  # both IPv4 and IPv6 addresses from the ipnodes databases. Note that
  # IPv4 addresses are searched in all of the ipnodes databases before
  # searching the hosts databases. Before turning this option on, consult
  # the Network Administration Guide for more details on using IPv6.
  #ipnodes: ldap [NOTFOUND=return] files
  networks: files
  protocols: files
  rpc: files
  ethers: files
  netmasks: files
  bootparams: files
  publickey: files
  netgroup: ldap
  automount: files ldap
  aliases: files ldap
  # for efficient getservbyname() avoid ldap
  services: files ldap
  sendmailvars: files
  printers: user files ldap
  auth_attr: files ldap
  prof_attr: files ldap
  project: files ldap
  bash-2.05# cat /etc/pam.conf
  #ident "@(#)pam.conf 1.20 02/01/23 SMI"
  # Copyright 1996-2002 Sun Microsystems, Inc. All rights reserved.
  # Use is subject to license terms.
  # PAM configuration
  # Unless explicitly defined, all services use the modules
  # defined in the "other" section.
  # Modules are defined with relative pathnames, i.e., they are
  # relative to /usr/lib/security/$ISA. Absolute path names, as
  # present in this file in previous releases are still acceptable.
  # Authentication management
  # login service (explicit because of pam_dial_auth)
  login auth requisite pam_authtok_get.so.1 debug
  login auth required pam_dhkeys.so.1 debug
  login auth required pam_dial_auth.so.1 debug
  login auth binding pam_unix_auth.so.1 server_policy debug
  login auth required pam_ldap.so.1 use_first_pass debug
  # rlogin service (explicit because of pam_rhost_auth)
  rlogin auth sufficient pam_rhosts_auth.so.1
  rlogin auth requisite pam_authtok_get.so.1
  rlogin auth required pam_dhkeys.so.1
  rlogin auth binding pam_unix_auth.so.1 server_policy
  rlogin auth required pam_ldap.so.1 use_first_pass
  # rsh service (explicit because of pam_rhost_auth,
  # and pam_unix_auth for meaningful pam_setcred)
  rsh auth sufficient pam_rhosts_auth.so.1
  rsh auth required pam_unix_auth.so.1
  # PPP service (explicit because of pam_dial_auth)
  ppp auth requisite pam_authtok_get.so.1
  ppp auth required pam_dhkeys.so.1
  ppp auth required pam_dial_auth.so.1
  ppp auth binding pam_unix_auth.so.1 server_policy
  ppp auth required pam_ldap.so.1 use_first_pass
  # Default definitions for Authentication management
  # Used when service name is not explicitly mentioned for authenctication
  other auth requisite pam_authtok_get.so.1 debug
  other auth required pam_dhkeys.so.1 debug
  other auth binding pam_unix_auth.so.1 server_policy debug
  other auth required pam_ldap.so.1 use_first_pass debug
  # passwd command (explicit because of a different authentication module)
  passwd auth binding pam_passwd_auth.so.1 server_policy debug
  passwd auth required pam_ldap.so.1 use_first_pass debug
  # cron service (explicit because of non-usage of pam_roles.so.1)
  cron account required pam_projects.so.1
  cron account required pam_unix_account.so.1
  # Default definition for Account management
  # Used when service name is not explicitly mentioned for account management
  other account requisite pam_roles.so.1 debug
  other account required pam_projects.so.1 debug
  other account binding pam_unix_account.so.1 server_policy debug
  other account required pam_ldap.so.1 no_pass debug
  # Default definition for Session management
  # Used when service name is not explicitly mentioned for session management
  other session required pam_unix_session.so.1
  # Default definition for Password management
  # Used when service name is not explicitly mentioned for password management
  other password required pam_dhkeys.so.1 debug
  other password requisite pam_authtok_get.so.1 debug
  other password requisite pam_authtok_check.so.1 debug
  other password required pam_authtok_store.so.1 server_policy debug
  # Support for Kerberos V5 authentication (uncomment to use Kerberos)
  #rlogin auth optional pam_krb5.so.1 try_first_pass
  #login auth optional pam_krb5.so.1 try_first_pass
  #other auth optional pam_krb5.so.1 try_first_pass
  #cron account optional pam_krb5.so.1
  #other account optional pam_krb5.so.1
  #other session optional pam_krb5.so.1
  #other password optional pam_krb5.so.1 try_first_pass
  I can ssh into client with user VV which does not exist locally but exists in the directory server. This is from /var/adm/messages on the ldap client):
  May 17 15:25:07 client sshd[26956]: [ID 634615 auth.debug] pam_authtok_get:pam_sm_authenticate: flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 896952 auth.debug] pam_unix_auth: entering pam_sm_authenticate()
  May 17 15:25:11 client sshd[26956]: [ID 285619 auth.debug] ldap pam_sm_authenticate(sshd VV), flags = 0
  May 17 15:25:11 client sshd[26956]: [ID 509786 auth.debug] roles pam_sm_authenticate, service = sshd user = VV ruser = not set rhost = h.A.B.C
  May 17 15:25:11 client sshd[26956]: [ID 579461 auth.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:25:11 client sshd[26956]: [ID 724664 auth.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:25:11 client sshd[26956]: [ID 100510 auth.debug] ldap pam_sm_acct_mgmt(VV), flags = 0
  May 17 15:25:11 client sshd[26953]: [ID 800047 auth.info] Accepted keyboard-interactive/pam for VV from 10.115.1.251 port 2703 ssh2
  May 17 15:25:11 client sshd[26953]: [ID 914923 auth.debug] pam_dhkeys: no valid mechs found. Trying AUTH_DES.
  May 17 15:25:11 client sshd[26953]: [ID 499478 auth.debug] pam_dhkeys: get_and_set_seckey: could not get secret key for keytype 192-0
  May 17 15:25:11 client sshd[26953]: [ID 507889 auth.debug] pam_dhkeys: mech key totals:
  May 17 15:25:11 client sshd[26953]: [ID 991756 auth.debug] pam_dhkeys: 0 valid mechanism(s)
  May 17 15:25:11 client sshd[26953]: [ID 898160 auth.debug] pam_dhkeys: 0 secret key(s) retrieved
  May 17 15:25:11 client sshd[26953]: [ID 403608 auth.debug] pam_dhkeys: 0 passwd decrypt successes
  May 17 15:25:11 client sshd[26953]: [ID 327308 auth.debug] pam_dhkeys: 0 secret key(s) set
  May 17 15:25:11 client sshd[26958]: [ID 965073 auth.debug] pam_dhkeys: cred reinit/refresh ignored
  If I try to then change the password with the `passwd` command it does not use the password policy on the directory server but the default defined in /etc/default/passwd
  bash-2.05$ passwd
  passwd: Changing password for VV
  Enter existing login password:
  New Password:
  passwd: Password too short - must be at least 8 characters.
  Please try again
  May 17 15:26:17 client passwd[27014]: [ID 285619 user.debug] ldap pam_sm_authenticate(passwd VV), flags = 0
  May 17 15:26:17 client passwd[27014]: [ID 509786 user.debug] roles pam_sm_authenticate, service = passwd user = VV ruser = not set rhost = not set
  May 17 15:26:17 client passwd[27014]: [ID 579461 user.debug] pam_unix_account: entering pam_sm_acct_mgmt()
  May 17 15:26:17 client passwd[27014]: [ID 724664 user.debug] pam_ldap pam_sm_acct_mgmt: illegal option no_pass
  May 17 15:26:17 client passwd[27014]: [ID 100510 user.debug] ldap pam_sm_acct_mgmt(VV), flags = 80000000
  May 17 15:26:17 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:17 client passwd[27014]: [ID 988707 user.debug] read_authtok: Copied AUTHTOK to OLDAUTHTOK
  May 17 15:26:20 client passwd[27014]: [ID 558286 user.debug] pam_authtok_check: pam_sm_chauthok called
  May 17 15:26:20 client passwd[27014]: [ID 271931 user.debug] pam_authtok_check: minimum length from /etc/default/passwd: 8
  May 17 15:26:20 client passwd[27014]: [ID 985558 user.debug] pam_dhkeys: entered pam_sm_chauthtok()
  May 17 15:26:20 client passwd[27014]: [ID 417489 user.debug] pam_dhkeys: OLDRPCPASS already set
  I am using the default policy on the directory server which states a minimum password length of 6 characters.
  server:root:LDAP_Master:/var/opt/SUNWdsee/dscc6/dcc/ads/ldif#dsconf get-server-prop -h server -p 389|grep ^pwd-
  pwd-accept-hashed-pwd-enabled : N/A
  pwd-check-enabled : off
  pwd-compat-mode : DS6-mode
  pwd-expire-no-warning-enabled : on
  pwd-expire-warning-delay : 1d
  pwd-failure-count-interval : 10m
  pwd-grace-login-limit : disabled
  pwd-keep-last-auth-time-enabled : off
  pwd-lockout-duration : disabled
  pwd-lockout-enabled : off
  pwd-lockout-repl-priority-enabled : on
  pwd-max-age : disabled
  pwd-max-failure-count : 3
  pwd-max-history-count : disabled
  pwd-min-age : disabled
  pwd-min-length : 6
  pwd-mod-gen-length : 6
  pwd-must-change-enabled : off
  pwd-root-dn-bypass-enabled : off
  pwd-safe-modify-enabled : off
  pwd-storage-scheme : CRYPT
  pwd-strong-check-dictionary-path : /opt/SUNWdsee/ds6/plugins/words-english-big.txt
  pwd-strong-check-enabled : off
  pwd-strong-check-require-charset : lower
  pwd-strong-check-require-charset : upper
  pwd-strong-check-require-charset : digit
  pwd-strong-check-require-charset : special
  pwd-supported-storage-scheme : CRYPT
  pwd-supported-storage-scheme : SHA
  pwd-supported-storage-scheme : SSHA
  pwd-supported-storage-scheme : NS-MTA-MD5
  pwd-supported-storage-scheme : CLEAR
  pwd-user-change-enabled : off
  Whereas /etc/default/passwd on the ldap client says passwords must be 8 characters. This is seen with the pam_authtok_check: minimum length from /etc/default/passwd: 8
  . It is clearly not using the policy from the directory server but checking locally. So I can login ok using the ldap server for authentication but when I try to change the password it does not use the policy from the server which says I only need a minimum lenght of 6 characters.
  I have read that pam_ldap is only supported for directory server 5.2. Because I am running ds6 and with password compatability in ds6 mode maybe this is my problem. Does anyone know of any updated pam_ldap modules for solaris 9?
  Edited by: ericduggan on Sep 8, 2008 5:30 AM

  you can try passwd -r ldap for changing the ldap passwds...

• Default role

  When we perform this code :
  alter user smith default role r1,r2;
  Does this mean the only enabled role for smith are r1 and r2,if yes how about the others including the ones with passwords ? are they disabled now if yes do we have to use set role to enabled them ?
  I'm a little bit confused .Any help would be thankful.

  Check the following link.
  http://download-west.oracle.com/docs/cd/B10501_01/appdev.920/a96590/adgsec01.htm#1005730

• Connect to remote jmx with password

  Hello,
  now I�ve a problem to connect a remote jmx server with passord authentification. No idea why it does not work, here my configuration:
  jmxremote.password:
  ================
  # or specify another, less accessible file in the management config file
  # as described above.
  # Following are two commented-out entries. The "measureRole" role has
  # password "QED". The "controlRole" role has password "R&D".
  test test1
  jmxremote.access
  ================
  # Default access control entries:
  # o The "monitorRole" role has readonly access.
  # o The "controlRole" role has readwrite access.
  test readwrite
  This are my sys parameter:
  JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.port=9004"
  JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.ssl=false"
  JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote"
  JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.access.file=/home/tomcat/jmxremote.access"
  JAVA_OPTS="$JAVA_OPTS -Dcom.sun.management.jmxremote.password.file=/home/tomcat/jmxremote.password"
  The .access and .password file is on the correct place and there is no exception because of the file access rights. If I start the remote jconsole with -J-Djava.security.debug=all, this is the end:
  jar:
  jar: beginEntry com/sun/crypto/provider/SunJCE_i.class
  jar: Manifest Entry: com/sun/crypto/provider/SunJCE_i.class digest=SHA1
  jar: manifest d462e6ef45ec12081028cd7ccf922cc2ec553358
  jar: computed d462e6ef45ec12081028cd7ccf922cc2ec553358
  jar:
  Cipher: Crypto Permission check failed
  Cipher: granted: (CryptoPermission * 128)
  Cipher: requesting: (CryptoPermission AES 256)
  I�ve found already a solution for that and connect with jconsole with the url service:jmx:rmi:///jndi/rmi://hostname:9004/jmxconsole
  Provider: Set SUN provider property [SecureRandom.SHA1PRNG ImplementedIn/Software]
  Provider: Set SUN provider property [CertificateFactory.X.509 ImplementedIn/Software]
  Provider: Set SUN provider property [KeyStore.JKS ImplementedIn/Software]
  Provider: Set SUN provider property [CertPathValidator.PKIX ImplementedIn/Software]
  Provider: Set SUN provider property [CertPathBuilder.PKIX ImplementedIn/Software]
  Provider: Set SUN provider property [CertStore.LDAP ImplementedIn/Software]
  Provider: Set SUN provider property [CertStore.Collection ImplementedIn/Software]
  Provider: Set SUN provider property [CertStore.com.sun.security.IndexedCollection ImplementedIn/Software]
  ProviderConfig: Loaded provider SUN version 1.6
  Although there is no exception I am unable to connect to the remote jmx server...
  Thx for any help!
  Cheers,
  Thilko
  Edited by: smilie79 on Jan 17, 2008 1:53 AM
  Edited by: smilie79 on Jan 21, 2008 2:51 AM

  Hi,
  You might need to specify explicitely -Dcom.sun.management.jmxremote.authenticate=true on the command line.
  Hope this helps,
  -- daniel
  http://blogs.sun.com/jmxetc

• DEFAULT ROLE FOR USER

  I swich to Oracle11g express and create user
  CREATE USER LEO
  IDENTIFIED BY xy
  DEFAULT TABLESPACE USERS
  TEMPORARY TABLESPACE TEMP
  PROFILE DEFAULT
  ACCOUNT UNLOCK;
  -- 3 Roles for LEO
  GRANT AUTHENTICATEDUSER TO LEO;
  GRANT CONNECT TO LEO;
  GRANT FER_ADMIN TO LEO WITH ADMIN OPTION;
  ALTER USER LEO DEFAULT ROLE FER_ADMIN;
  -- 1 System Privilege for LEO
  GRANT CREATE SESSION TO LEO;
  -- 1 Tablespace Quota for LEO
  ALTER USER LEO QUOTA UNLIMITED ON USERS;
  and after login i check
  select * from SESSION_ROLES
  and i have none role
  if I set role all works fine.
  Why I doesn't have DEFAULT ROLE after login.
  Pleas for help .

  here is the solution
  default roles and grants
  Edited by: Leo Lakota on 4.10.2012 5:52