Beginning with Release 9.3.2 (9.3.3 was released in October), Agile has significantly improved the security of system passwords. Passwords for system level accounts (superadmin, ifsuser, admin and agileuser) are now encrypted using DES methods and a key file located in the database.
This means that if you just import a database from another server, it will not work. The only way to correct the mismatched passwords and key file is to reinstall Agile against that new database. This will reset all of the passwords and the resident key file.
To avoid this problem, gather the relevant encrypted strings from the target database/system BEFORE doing the import. This is accomplished using a series of SQL statements listed below (and in support doc Agile Product Lifecycle Management (PLM) 9.3.2 Changes in Password Encryption [ID 1526469.1]).
- Open a command window (or terminal window if using Linux/Unix).
- Start SQLPLUS - sqlplus/nolog
- Connect to the database - connect agile@agile9
- Run the following commands and save the output:[clear] SELECT id, loginid, login_pwd FROM agileuser WHERE loginid IN ('admin', 'superadmin', 'ifsuser', 'agileuser'); [clear](Note:You can retrieve passwords for other users but 'superadmin', 'ifsuser' and 'admin' accounts are necessary to get the application started and log in as 'admin'.) [clear]SELECT value FROM propertytable WHERE parentid=5004 AND propertyid=1008; [clear](This retrieves the encrypted KEYSTORE value.)
- Perform the database import.
- Update the password and key store values.[clear]UPDATE propertytable SET value='' WHERE parentid=5004 AND propertyid=1008;[clear]commit;[clear]For each encrypted user password that was saved:[clear]UPDATE agileuser SET login_pwd ='' WHERE loginid = 'admin';[clear]UPDATE agileuser SET login_pwd ='' WHERE loginid = 'superadmin';[clear]UPDATE agileuser SET login_pwd ='' WHERE loginid = 'ifsuser';[clear]UPDATE agileuser SET login_pwd =‘' WHERE loginid = 'agileuser';[clear]commit;
If you follow these guidelines, refreshing TEST or DEV environments from a PRODUCTION environment will become much less painful. Of course, there are other steps you can take to make the refresh process even easier. Here are some suggestions.
- Use ACP to capture basic server configuration information. Using four simple directives in the ACP config.xml file:[clear]<server_file_manager/>[clear]<server_location/>[clear]<server_preference/>[clear]<viewers_and_files/>
- Automate ACP to gather these settings on a weekly basis. This means you ALWAYS have a recent / current copy of the configurations.
- Agile PLM supports database pump for faster export and import especially on large databases.
- Automate the process of gathering the new encrypted passwords on a regular basis to insure you always have the necessary values.