I had a similar experience the first day on the job as the first ever
dedicated Remedy admin.  The role of admin had either been contractors or
the Help Desk manager.  I was waiting for my account to be created when I
decided to try Demo without a password.  Built my own account thank you
very much.  And added a password to Demo shortly after :)

And even though I didn't have root access on the app server, Remedy was
running as root.  I built a console to issue commands via Remedy as root.
Problem solved!

I joke about the ARAdmin password but we ran with the default for many
years.  More years than I would like to admit.  Security used to be an
afterthought.  Even worse, other systems were using that account
for integrations.  I took a lot of flak when I finally decided enough is
enough and changed it from the default.

Jason


On Wed, Mar 13, 2013 at 12:32 PM, Joe D'Souza <[email protected]> wrote:

> You’re funny Jason :)
>
> I recall many years ago, when I was fairly new to Remedy, I was at a site,
> and waiting on a MS-SQL system administrator on the sa password for
> something (not an install or upgrade but just to login as sa to do
> something on the server), and could not get in touch with that person, so
> for fun I attempted to login into that DB (which was a standalone DB for
> the AR Server) with sa and a blank password, and it went right in! And
> later found out that many of the SQL servers on their network were having
> blank passwords for sa :)
>
> When I brought it to their attention, they had no idea these were
> unprotected. They had several other network logins into these servers that
> they had forgotten about the sa login..
>
> Joe
>
>  ------------------------------
>
> *From:* Action Request System discussion list(ARSList) [mailto:
> [email protected]] *On Behalf Of *Jason Miller
> *Sent:* Wednesday, March 13, 2013 10:16 AM
>
> *To:* [email protected]
> *Subject:* Re: Mid Tier administration password
>
> Great, now we have to change our production db password. Thanks for
> publishing it!
>
> On Mar 13, 2013 2:06 AM, "John Baker" <[email protected]>
> wrote:
>
> Steve: It is difficult to compare a decade-old open-source enterprise-wide
> solution (ie Atrium/OpenSSO), that is not well integrated with AR System,
> with a modern solution built for AR System that sits neatly in Mid Tier
> and is well supported/respected by BMC customers/partners. :)
>
> Matt's found a very nice video and it only goes to highlight the importance
> of protecting against brute-force attacks, such as automatically locking
> accounts in AR System after a number of failed login attempts. And of
> course, changing the default AR#Admin# database password.
>
> Joe: An alternative mechanism of integrating Mid Tier and AR System would
> be to use SSL client certificates. This is how the HP Service Manager web
> application is integrated with the SM server side application (ie ARS in
> this world). The down side of this approach is the complexity: SSL client
> certs are far more complicated to configure than simply entering a
> password.
>
>
> John
>  _ARSlist: "Where the Answers Are" and have been for 20 years_
