Question on OIM security questions

Hello,
I am currently using tcUnauthenticatedOperationsIntf.getChallengeValuesForUser() to obtain questions for a user that is not logged in.
There is another requirement where I need to find the same information for a user that is logged in.
tcUnauthenticatedOperationsIntf.getChallengeValuesForUser() does not work for a user that is logged in - I get a user invalid exception.
I could use ChallengeResponseService.getChallengesForLoggedInUser(); however, I do NOT have the user's password handy at this point, as I am way past the login page.
All I really need to find out is whether the questions for the user have been set or not. If there is another way of finding this information out, like an OIM flag or something that I can query using the API, that would be great.
Appreciate all the help I can get.
Thank you.

We also tried unauthenticatedSelfService.getChallengeQuestions() and had no luck with it. We get a user invalid exception for this one too:
Caused by: oracle.iam.selfservice.exception.UserAccountInvalidException: User account is invalid
at oracle.iam.selfservice.uself.uselfmgmt.impl.UnauthenticatedSelfServiceImpl.getChallengeQuestions(UnauthenticatedSelfServiceImpl.java:108)
at oracle.iam.selfservice.uself.uselfmgmt.api.UnauthenticatedSelfServiceEJB.getChallengeQuestionsx(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
Other options we tried (None of them worked):
ChallengeResponseService.getChallengesForLoggedInUser - can't use this, it needs password.
ChallengeResponseService.getChallengesForUser - didn't work, same exception: user invalid
ChallengeResponseService.getChallenges - didn't work: javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>
AuthenticatedSelfService.getChallengeValuesForSelf() and AuthenticatedSelfService.getUserDefinedChallengeQuestions(java.lang.String userName) : None of them worked either - I presume they would work if we had the password but we don't.
Again, the objective here is to use the api and find out if the questions & answers for a user have been set. Constraints are that we are logged in, but we don't have the password.

Similar Messages

  • " Secure value. Cannot be logged "  - message during OIM configuration

    Have Linux 5.2, db 11.2, RCU 11.1.3, OIM 11.1.13
    Get the following messages while configuring OIM:
    "Secure value. Cannot be logged"
    ts passed to the handler: [ OIMDBINFORMATION_PAGE_DB_PASSWORD_LBL ( field ) = "Password" ], [ OIM_SCHEMA_USER_PASSWORD ( value ) = "<Secure value. Cannot be logged>" ]
    Is it normal?
    Any suggestion will be appreciated.

  • Process Tasks execute

    I have a process Task upon completion will execute 3 more additional tasks. I want this to go in an order.
    Tried to add dependent/preceding task but this is not allowing for Xellerate User.

    According to the suggestion, Updating the database directly is not an option. If you want to achieve it through Dependent Task in Xellerate Users then you'll have to go for Database Update only, as OIM Security policies don't allow changes in Xellerate Users.
    Second thing, what do you mean by Rehire? Does it mean that user was disabled earlier and now his status is changing to "Active"? If yes, then why don't you go for EventHandlers on Post Update?
    If he is coming as new user then put your event handler on Post Insert.

  • My iPad won't let me download apps bc security questions, but when I try to make them it freezes

    Every time I try to download an app it tells me I need to update my security questions, but once I click to make the questions the box goes white. So I'm not sure how to fix it

    The new questions show on your account on http://appleid.apple.com ? If they do then try logging out and back into your account on your phone (assuming that is where you are trying to purchase from) and see if the new questions then show on it.

  • A unix-like security question?

    Something happened on my Mac the other day, that kind of scared me. First, a little bit about my home setup.
    I have a small smtp mailserver running on my desktop Mac for family members - a big whoppin' five accounts. Three of the five of us live at home, two don't and remotely access email via SSL-enabled imap and SSL-enabled smtp. There is a laptop computer at home that accesses the imap and smtp servers on ports 143 and a non-standard smtp port. Traditionally, it has been used at home only, so I don't require SSL because it runs inside a WPA-protected wireless channel. Its mailserver info, set up in Mail.app, uses {computerName}.local as its mailservers. So, no access from outside my local WLAN. I also get my foreign mail, virus-scanned and spam-assassinated, from an MX agent that downloads that traffic to me on that same non-standard smtp port. For what it's worth, outbound smtp from the home mailserver is via port 25.
    On the desktop Mac, I also have ssh running, but on a non-standard port, and in sshd_config, I specify protocol 2 only, root login disabled, no password/no PAM authentication, only DSA public key authentication. In NetInfo Manager, I keep the root account disabled.
    On the Mac, in System Prefs' Sharing firewall, I have the non-standard smtp port, imap, imaps, non-standard port ssh, ard and vnc (so I can run CotVNC from the laptop at home), and afp (also for the laptop at home) open for uninvited traffic. Also ntp (probably don't need that since I'm not running a time server), and dns (for reasons discussed below). On my DSL router, I only have the non-standard smtp and ssh ports, and the imapS ports open. (When outside my home WLAN, on a foreign network, I port-forward VNC and afp over ssh if I want to do one of those things)
    So anyways, for the benefit of the laptop, I enabled DNS on the desktop, so that I could change the laptop's Mail.app's accounts' preferences to point to the same imaps and smtp server using my external WAN host name, whether it was inside or outside my home LAN (inside the home LAN, the laptop couldn't resolve my external domain name, and outside the home LAN, {computerName}.local was not routable). But by enabling DNS, I could reference my external host name to my 192.168.x.x IP address, and the laptop would find the server inside the home LAN, as well as find it outside the home LAN (by virtue of services like DynDNS and NoIP DNSs resolving it to my ISP-assigned dynamic external WAN IP). For what it's worth, yes, the laptop's mail preferences enabled SSL for both smtp and imaps, so SSL would be used even inside the WPA-protected channel, just as my users that don't live at home have SSL enabled as they network.
    Now for the scary part: the other day, while at home and with the laptop affiliated to my home wireless (WPA-protected) LAN, I ssh'ed into my desktop computer. Either the ssh connection or the desktop computer was running dirt slow. For some reason, I decided to do a tcpdump, and I saw all kinds of traffic going out to hosts all over the world.
    After the fact, I think it was just my DNS talking to the sixteen or so root servers, although none of the tcpdump entries used names like "a.root-servers.net" -- there was stuff with an army.mil, a nasa.gov, etc. I think I remember seeing something with a "umd.edu" in it, and there is a commented entry in /var/named/named.ca that has a "umd.edu" in it, so that's why I am thinking that my DNS was just gabbing with a bunch of root servers. Not sure why it was gabbing with them since I can't think of any reason why it would have been trying to do name resolutions or anything. At the time, seeing all these packets being initiated by my computer and being sent worldwide freaked me out.
    But what really freaked me out is when I control-C'ed the tcpdump and did a "users" to see who or what might be generating them and saw my username and ... root! Repeating the "users" command a few times more, and it still showed "root" as one of the active users. I immediately ran to the computer and pulled the DSL plug out of the wall, and tried to figure out what was going on. I've got HenWen running, and didn't see anything outside of the usual unicast ARP warnings. After thinking that it might be DNS itself, I disabled DNS just to see what sort of traffic I would see in a tcpdump. Just local subnet broadcasts and arp requests. I have not re-enabled DNS yet.
    And the story gets better: a day or two later, I glance at my System Preferences firewall settings, and the firewall was OFF! Fortunately, the DSL modem's firewall was still on, only allowing uninvited inbound imaps, smtp, and ssh traffic. I don't remember ever turning off the desktop's firewall, and no one else uses that computer -- they all hop on the laptop, plus they don't know the admin password anyways. So that was a little freaky, too, but, I'll assume for now that I must have inadvertently turned it off when I was doing something, and never turned it back on.
    My immediate question is, if you have DNS turned on, would it ever do anything as root, and hence, show up as an active user in response to a "users" command? And not that there were any (/var/cron/tabs) cron jobs scheduled to be active at that particular time, but if there were a /var/cron/tabs/root job actively running, would root then show up as an active user in response to a "users" command?
    Signed,
    Scared!

    Hi J.V.
       First, I have to say that yours is an impressive setup. If you're not a sysadmin, you certainly could be. Also, you have a knowledge of much of this that surpasses mine so I may be of no help. However, I do use the "who" command to see if anyone has broken in and I've never seen the root user listed.
       There are doubtless more processes running as root on a typical system than those running as the user logged into the GUI. However, none of those root processes are the result of a login. I believe that the "users" and "who" commands only report users that are logged in. I don't see the root user with the "who" command even if I create a root shell with sudo. Although I don't know this for a fact, I don't believe that it should be possible to see the root user with the "who" command if the root account is disabled in NetInfo. By the way, I recommend the "who -u" command over the "users" command as it provides quite a bit more information. When I login to my machine via SSH, the domain name of the remote host is included in the output of the "who" command.
       There was a situation on Panther where the root user could be listed in NetInfo Manager as disabled when it was actually enabled. I don't believe that is possible in Tiger but you can check with the command,
    nicl . -read /users/root
    If the password is only a single asterisk or ideally the authentication_authority string contains ";DisabledUser;", the root user should really be disabled.
       I can see that you're quite knowledgeable about networking and comfortable with tools that examine packets. However, there are methods of intrusion detections that aren't directly network related. They may be of use in your situation.
       The simplest is the /var/log/secure.log. Acquisition of root privileges via sudo does show up in this log but there may be enough information about the circumstances to determine which uses of root privileges are normal.
       A more complex method is process accounting. This records every command executed on the system. It provides information similar to the "who" command but doesn't provide the arguments that were used in executing the command nor any process IDs. If you actually do discover unusual activity real time, a full dump of process information with the "ps" command can provide a useful complement to the information recorded by process accounting. You can turn on process accounting simply by creating a /var/account/acct file and executing:
    sudo accton /private/var/account/acct
    You can read the result with the command:
    sudo lastcomm
    I should warn you that process accounting shouldn't be left on without developing a log rotation mechanism for the above file as it can grow large rather quickly.
       The mechanism for doing for the system what Snort does for the network is Security Auditing. This system was developed by Sun and distributed by Apple for OS X in their Common Criteria Tools. To understand the output of auditing and to customize the configuration requires at least as much study as mastering snort. It can also output a lot of information. However, like Snort, it is the ultimate at what it does.
       There is a minor rootkit for Mac OS X named Opener. Unlike a "real" rootkit it is easy to detect if you know what you're looking for. In reported versions, there is a StartupItem in /Library/StartupItems named "opener". I would check that directory for any unusual StartupItem.
    Gary
    ~~~~
       Adam was but human--this explains it all. He did not want
       the apple for the apple's sake, he wanted it only because
       it was forbidden. The mistake was in not forbidding the
       serpent; then he would have eaten the serpent.
             -- Mark Twain, "Pudd'nhead Wilson's Calendar"
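
The two checks from Gary's reply above, as an added example that is not part of the original thread: classifying the root record printed by `nicl . -read /users/root`, and listing root login sessions in `who -u` output. The function names and all sample records are constructed for illustration; the "key: value" record layout is assumed.

```shell
#!/usr/bin/env bash
# Added example. All sample data below is constructed, not from a real host.

# Classify a root record ("key: value" lines on stdin) by the two criteria
# in the reply: passwd is exactly one asterisk, or the
# authentication_authority string contains ";DisabledUser;".
root_account_state() {
    awk '
        $1 == "passwd:" { pw = (NF == 2) ? $2 : "" }
        $1 == "authentication_authority:" && index($0, ";DisabledUser;") { flagged = 1 }
        END {
            state = (flagged || pw == "*") ? "disabled" : "enabled"
            print state
        }
    '
}

# Print the terminal of every login session owned by root in `who` output.
# Root-owned daemons never appear here; only real login sessions do.
root_login_sessions() {
    awk '$1 == "root" { print $2 }'
}

# Constructed record: password field is a single asterisk.
sample_record_disabled() {
    printf '%s\n' 'name: root' 'passwd: *' 'uid: 0' 'gid: 0' 'home: /var/root'
}

# Constructed record: a row of asterisks (hash stored elsewhere) is NOT the
# single-asterisk case, so this account must be reported as enabled.
sample_record_enabled() {
    printf '%s\n' 'name: root' 'passwd: ********' 'uid: 0' \
        'authentication_authority: ;ShadowHash;'
}

# Constructed record: explicitly flagged as disabled.
sample_record_flagged() {
    printf '%s\n' 'name: root' 'passwd: ********' 'uid: 0' \
        'authentication_authority: ;DisabledUser;;ShadowHash;'
}

# Constructed `who -u` output with one unexpected root session.
sample_who_output() {
    printf '%s\n' \
        'jv       console  Mar  3 09:12   .       212' \
        'jv       ttyp1    Mar  3 21:40 00:02    4410 (laptop.local)' \
        'root     ttyp2    Mar  3 21:41   .      4498 (203.0.113.7)'
}

echo "single asterisk : $(sample_record_disabled | root_account_state)"
echo "shadow hash     : $(sample_record_enabled | root_account_state)"
echo "DisabledUser    : $(sample_record_flagged | root_account_state)"
echo "root sessions on: $(sample_who_output | root_login_sessions)"
```

On a live system the same functions take the real commands on stdin, for example `nicl . -read /users/root | root_account_state` and `who -u | root_login_sessions`.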

  • How do I delete an Apple iCloud account from my iPhone without password, security questions, or email?

    For some reason, an old iD is stuck on my phone. My iPhone 4s is nearly filled with documents and data, to the point where I cannot take pictures, and I can't reset it without using this old iD. I don't know why this is now popping up instead of the one I am registered with. I gained access to the old email the iD is under, but none of the iTunes emails are coming in so I assume it is set up under a different email. For the security question of birthdays, I tried every household member's birthday, and none worked. I have tried the password we used on that account when it was active, along with every other possibility. I don't know what to do anymore and I have very limited use of my phone if I don't get this sorted out and deleted from my phone.
    Thank you for any help!

    Not without password.

  • My old email account was disabled and I can't remember my password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my information because I can't answer the security questions correctly...

    My old email account is disabled and I can't remember my itunes password - how can I reset my password or move $ to a new itunes/email account?  It seems I must have mis-typed my account information because I can't answer the security questions correctly...

    ➡ https://iforgot.apple.com/

  • How can I access my iCloud email account when I don't remember the password and Apple won't accept the answer to my security question?

    I set up an email account with " @me.com". I get a wrong password message when I try to log in. When I try to change my password I get an incorrect answer message to the security question. I'm asked my birth date so I know I have it right, unless I did a typo when I set up the account. When I choose email me the reset password link I cannot retrieve the email because it won't accept the password. I wanted to just email Apple for instructions but cannot find an email address for that. Any help would be appreciated.

    I tried that without any luck. I was hoping I could get Apple to reset it for me or delete the account so I could recreate it or at least tell me what is listed as my birth date, the security question answer.

  • I've forgotten my security question answers, and now it won't let me download anything without them..

    Help.. I've had this issue for over a month, I have over five dollars on my iTunes account and I want to buy music and games but iTunes continuously requests my iTunes security questions. Is there any possible way I can CHANGE them without having to make a new iTunes account?

    You need to contact Apple to get the questions reset, which can be done by clicking here and picking a method for your country, or if that's not an option, by filling out and submitting this form.

  • How can you change your security question for iTunes?

    How can you change your security question for iTunes?

    If you have a rescue email address (which is not the same thing as an alternate email address) set up on your account then the steps half-way down this page give you a reset link on your account : http://support.apple.com/kb/HT5312
    If you don't have a rescue email address (you won't be able to add one until you can answer 2 of your questions) then you will need to contact iTunes Support / Apple to get the questions reset.
    Contacting Apple about account security : http://support.apple.com/kb/HT5699
    When they've been reset (and if you don't already have a rescue email address) you can then use the steps half-way down the HT5312 link above to add a rescue email address for potential future use.

  • I can't remember the answers to ANY of my security questions. And in order to reset them I apparently have to remember the answers to at least two, which doesn't really help me at all considering my dilemma. Anyone know what I should do??

    Please help!! I can't remember any of the answers to my security questions (I made them approximately four years ago and don't know what I was thinking).
    How can I change my questions without answering my security questions that I don't know?!??

    You need to ask Apple to reset your security questions; this can be done by phoning AppleCare and asking for the Account Security team, or clicking here and picking a method, or if your country isn't listed in either article, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.

  • I've forgotten my answers for security questions. Can't you reset them or do something like this?

    I have bought a new iphone 5s a week ago. Today I wanted to purchase an app. And the security system asked me for an answer for my security questions.  But I don't remember them. What should I do?

    Frequently asked questions about Apple ID - http://support.apple.com/kb/HE37 --> Can I change the answers to the security questions for my Apple ID?  --> Yes. You can change the answers to the security questions provided when you originally signed up for your Apple ID. Go to My Apple ID (http://appleid.apple.com/) and click Manage your account.
    Some Solutions for Resetting Forgotten Security Questions - https://discussions.apple.com/docs/DOC-4551
    Rescue email address and how to reset Apple ID security questions - http://support.apple.com/kb/ht5312 - "If you can't recall your Apple ID security questions and answers, the optional rescue email provides a way to reset them. Additionally, all future security-related emails for your Apple ID will be sent to the rescue email address."
    Jan 2014 post about contacting Apple to reset security questions - https://discussions.apple.com/message/24543247 and https://discussions.apple.com/message/24671039
    If you can't remember them over the space of a week you had better write them down.

  • I have no "Rescue email" contact in order to reset my security questions and I don't believe I ever answered any security questions when I created my Apple ID for iTunes.  Someone kindly sent me Apple support link but to no avail!  Please Help me!

    I have no "Rescue email" contact in order to reset my security questions!!  I've been trying now for 4 days to contact Apple/iTunes but I only get sent answers from a support team that say they cannot help me with my problem!!
    The thing is that I can't ever remember answering any security questions and without a rescue email, I'm unable to reset them or even set them for the first time!!
    I can't believe that no-one from Apple/iTunes can help me with this simple problem but unfortunately that is the case - Incredible, isn't it!!!
    Would anyone know how I could solve this problem online???   Because each time I sign into iTunes, the same security questions reappear and reappear and reappear.  In fact I've got to the point where I feel like uninstalling iTunes and downloading an alternative.
    Many thanks

    You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if your country isn't listed, filling out and submitting this form.
    They wouldn't be security questions if they could be bypassed without Apple verifying your identity.

  • HT2204 I don't remember the answers to the security question to authorize my new laptop to use iTunes. How to sort this problem?

    iTunes requires me to answer a couple of security questions to authorize me to use it on my new MacBook Pro, but I don't remember the answers to them. How can I sort out this problem?
    Thank you for helping...
    Danila63

    Account Security Team (AST)
    Check the AppleCare number for your country here:
    http://support.apple.com/kb/HE57
    Call them up, and let them know you would like to be transferred to the Account Security Team.

  • How do you change your rescue email address if it's wrong and you need to update your security questions for your Apple ID?

    When downloading apps I am asked for my apple ID which works but I can't get past the security questions. Then when I ask to reset the questions it sends an email to a rescue email address that no longer exists. Does anybody know where I can reset this email address?

    On your computer or safari on your iOS device navigate to:
              For Canada - https://appleid.apple.com/ca.
              For United States - https://appleid.apple.com/us/.
    Click the "Manage your Apple ID" button, and sign in to your iCloud account.  Once in, on the left side select "Password and Security", and this will populate our options on the right side.  You should see an option to reset your security questions. 
    Also see this article - http://support.apple.com/kb/HT5312. 
    If for any reason you cannot reset these security questions, or get an error, then you may need to contact Apple directly at 1 800 692 7753.  Explain the issue, and they can get you to an "Account Security" agent, who will be able to verify your identity, and assist in resetting the security questions.
