I've been searching the documentation at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/pwd-policies-how to figure out how to automate password rotation on service accounts. Unfortunately, I cannot find any available option in the Red Hat documentation. I've found some 3rd-party applications that can automate the rotation of the service accounts' passwords. I'd like to find out if a 3rd-party application is the only option here. Thanks
By default, the max lifetime of service account passwords on Red Hat IdM is 90 days. No configuration is needed to automate the process, unless you require a lower max lifetime.
I'm creating an EMM-managed enterprise. This is the recommended method (no signup page nor Google account required)
https://developers.google.com/android/management/create-enterprise#emm-managed_enterprises
But with this enterprise, the end user has no IT admin account to connect to managed Google Play on https://play.google.com/work
What is the correct way to approve applications with this type of enterprise?
EMM-managed enterprise is no longer the recommended method to create an enterprise. Instead, we suggest starting a customer-managed enterprise.
Additionally, with Android Management API any application added under the application policy behaves based on the configured installType. The play store mode policy determines the behavior of the apps on the device play store.
You will still need to follow all of the policy distribution steps mentioned in this documentation.
I have a ONETIME business requirement to move approx. 10,000 AD accounts from various OUs to another domain. The move is from a locked-down on-premise data center to an AD in the cloud, hence I can't get connectivity between the two domains. An application is moving out of the DC to the cloud to ease security restrictions, and we are hoping to avoid a mass password change on all the accounts.
I don't have much experience with AD, as I'm more of an application dev guy than a security infrastructure dude - so here goes my perhaps ignorant question.
I've used DSInternals.com to dump the domain using Get-ADReplAccount (Windows Server 2008 R2) and saved the data to a file, but I don't know what to do after this point.
I'm hoping that I can now use this data to import accounts back into another domain, under a different OU, and "import" them all (including the password hash) into the new domain, on another server.
If Get-ADReplAccount is used to extract, what is the SET cmdlet to use that data?
You can import NTLM hashes into AD using the Set-SamAccountPasswordHash cmdlet from the DSInternals module. Example:
Set-SamAccountPasswordHash -SamAccountName john -Domain ADATUM -NTHash 92937945b518814341de3f726500d4ff -Server dc1.adatum.com
The hashes can be retrieved either online using Get-ADReplAccount or offline using Get-ADDBAccount from the same module.
Forcing a password change is encouraged though, because such accounts would be missing Kerberos AES keys, so only Kerberos RC4 would be used during authentication of accounts migrated this way.
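An added example (not part of the original answer or of the DSInternals project) of acting on the recommendation above: it flags hash-migrated accounts for a password change at next logon, so that AES keys are generated, and lists the accounts that need a manual reset instead. The OU path is a hypothetical placeholder; the server name is the one used in the answer's example.

```powershell
# Added example. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumption: hypothetical OU holding the migrated accounts in the new domain.
$TargetOU = 'OU=Migrated,DC=adatum,DC=com'
$Server   = 'dc1.adatum.com'

$query = @{
    SearchBase  = $TargetOU
    SearchScope = 'Subtree'
    Filter      = '*'
    Server      = $Server
    Properties  = 'PasswordNeverExpires', 'CannotChangePassword'
}

$report = foreach ($user in Get-ADUser @query) {
    $action = 'ChangeAtNextLogon'
    if ($user.PasswordNeverExpires -or $user.CannotChangePassword) {
        # ChangePasswordAtLogon cannot be set while PasswordNeverExpires is
        # true, and is useless if the user cannot change the password. This
        # is typical for service accounts, which need a planned reset instead.
        $action = 'ManualResetRequired'
    }
    else {
        try {
            Set-ADUser -Identity $user -ChangePasswordAtLogon $true `
                -Server $Server -ErrorAction Stop
        }
        catch {
            $action = "Failed: $($_.Exception.Message)"
        }
    }
    [pscustomobject]@{
        SamAccountName = $user.SamAccountName
        Enabled        = $user.Enabled
        Action         = $action
    }
}

# Work list: each account stays RC4-only until its password is actually changed.
$report | Sort-Object Action, SamAccountName |
    Export-Csv -Path .\migrated-accounts-password-reset.csv -NoTypeInformation
$report | Group-Object Action | Select-Object Name, Count
```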
Apart from technology support, what are all the business benefits of Oracle WebLogic Server? For example, in the areas of security, support, etc.
What are all the new features supported by WebLogic?
TL;DR:
Support is great when you open a ticket with Oracle Support (Weblogic strictly).
Great admin/read-only user implementation. We authenticate to Windows Active Directory. Developers get read-only accounts, reduces churn for them to wait for ops to transfer logs and validate settings.
Dashboard useful out-of-box to do real-time monitoring without additional tools or installs. Easily accessed by anyone who is authenticated to log in. We could give it to our CIO if he wanted in about 3 minutes by adding him to the right authorized group in AD.
Easier to clone environments.
I haven't worked with OC4J but I believe Oracle's roadmap is picking Weblogic as their preferred Java application server. You can see it is the base technology for some of their other products, such as Oracle Service Bus, Oracle Enterprise Manager (OEM), and Oracle Line Planning.
I have opened 3 Oracle tickets in the past month. I was surprised at how fast they answered. For a Severity 3 ticket (medium), they usually have responded in 2-3 days. I can't say the same for their other services (over 2 weeks for a ticket on OEM).
Security is a pretty broad scope... so you'd have to be a little more specific on some of the topics of security.
One thing that is pretty awesome is the Dashboard. http://docs.oracle.com/cd/E14571_01/web.1111/e13714/dashboard.htm You can obviously add read-only monitor accounts so other users can get insight to the performance. We add developers to this so that they can validate any settings, or see performance whenever there is a production issue.
We used Microsoft Active Directory authentication in our Weblogic domains. People are not using the default weblogic administrator user so configuration changes are audited. When someone's account gets disabled when leaving the company, it disables their access to Weblogic similarly. You don't have to change the password.
Another useful setting I like in it is the ability to automatically archive config changes. Each time someone makes a config change, a backup is automatically created. This allows me to go fix something when developers break their environment without having to majorly reverse-engineer what they did.
I also like the fact that you can pack and unpack the domains. I've used it to move entire domains from staging to production with some minor changes... i.e. change all stg to prod variables. This should likewise make it easier to 'clone' environments when you want to build out a new one.
Although not related, I should mention Oracle Enterprise Manager. We are an Oracle shop because they seem to have given us a good deal on licencing. So we get to run Oracle Enterprise Manager, which is a tool slowly becoming more and more useful. The agent also reports how our RedHat Linux hosts are behaving, network input/output, CPU utilization, memory utilization, java heap stacks. We are going to move to defining groups within it that have all the targets related to an application stack. This will give our operations team the insight to see where the bottleneck might be... the Oracle Weblogic web layer, network, Oracle Service Bus, or Oracle Database performance.
Supposedly, you can add jBoss, other JMX monitoring as well to OEM. It's on our to-do list for non-Weblogic instances. We're slowly rolling OEM out.
I plan to implement my website (ASP.NET & SQL 2008) using Windows Azure, but I'm having difficulty doing it because Windows Azure has not been released yet in my location (Indonesia).
If someone could share a solution to the same problem, it would be appreciated.
The question was asked on MSDN and the answer is that it is not possible. The only solution is to wait for Windows Azure to be available in your country.
MSDN Forum
Just run your apps on HK or Singapore Windows Azure Public Data Centers, these are the APAC Data Centers for your region.
For testing reasons, I wanted to create an Azure account, and faced the same here in Egypt.
I've made it by remotely logging into one of our U.S.-based servers, and registered from there :) If you can't do so, and need this account badly, and don't have such a server, try using TOR.
Update: TOR is a proxy-like solution for your internet connection; it will redirect all requests/responses to a node on the TOR network, which consists of volunteers like you and me.
So my solution is simple: we're gonna use TOR to simulate that you are inside one of the permitted countries, and register your account with ease.
What you're gonna need is to install TOR and configure your browser to use it, but my personal recommendation is to install the TOR browser bundle; it's TOR + a browser that is pre-configured to use it.
You're gonna find a nice video on the TOR browser bundle page that will give you an overview about it.
Give it a try, and tell me what happened.
I know there are tools to manage your EC2 environment. I currently use the Eclipse Plugin and the iPhone app iAWSManager. What I'm looking for is a management service that allows you to create multiple users with roles and privileges. I have clients that sign up for EC2 but need help setting up and managing everything. At the very least they should be able to set up multiple logins so they can monitor who is doing what on the account (rather than sharing the single login). Better would be to assign privileges for who could create and launch an instance, create and assign/just assign Elastic IPs/EBS to instances etc.
Since enterprises are supposed to be using EC2 how do they manage this well? How do they create audit trails of activity?
RightScale, YLastic or EnStratus support roles and privileges. However, they are not for free...
I'll add Scalr to the list, which is a cloud management software like RightScale (disclaimer: I work there). We released our permissions feature last January. It allows you to create different teams and environments and attribute them privileges on a granular basis. It means you can grant different permissions to different people. You can learn more on this blog post.
Scalr is available as a hosted service which includes support. If you are looking for a free solution, you can download the source code, which is released under the Apache 2 license, and install it yourself.
As mentioned earlier, RightScale and enStratus are two other alternatives.