Hortonworks Ranger credentials - hortonworks-data-platform

I have installed HDP msi installer on windows server with two nodes. After the installation i haven't accessed the Ranger Portal with or without valid credentials.
How can i change the Ranger credentials in HDP 2.0?

By Ranger credentials if you mean Ranger Admin login, you can change it by :
Login to Ranger Admin at localhost:6080 with admin credentials
Click on Admin -> Profile from top right
Go to "Change Password" tab and change the password
Do let me know if you face any issues or you meant some other credentials.

The default credentials are:
username: admin
password: admin
If you never configured anything, chances are that these still work.

I hope you found your answer by now, but there's a way to set custom credentials for Ranger Admin UI without using the web UI.
In the install.properties file under ranger-admin directory, add the following property
rangerAdmin_password=<your_custom_password>
Now run ./setup.sh inside your ranger-admin directory. Then you can login to Ranger Admin (i.e. http://localhost:6080) using
Username: admin
Password: your_custom_password

Related

Wazuh - How to change admin password for web interface

I just installed WAZUH from its OVA.
The web interface is admin/admin
When I click reset password from the web interface i get this error
Failed to reset password. {"status":"FORBIDDEN","message":"Resource 'admin' is read-only."}
enter wazug admin password reset screenshot
I've googled/scanned documentation and can't find out how to change it.
I've looked through /usr/share/elasticsearch/plugins/opendistro_security/securityconfig/config.yml and cant see an option either?
A simple fix but its not just appearing for me via searching/reading the manual
I plan to secure the admin password then create a user account to do my work
Thanks in adavance
The admin and kibanaserver users are set to read-only as security measures, that is why it is not possible to change the password using the WUI and it must be changed in the configuration files.
This section of documentation talks about changing it: https://documentation.wazuh.com/4.0/user-manual/elasticsearch/elastic_tuning.html
Remember to update the new password in /etc/filebeat/filebeat.yml and /etc/kibana/kibana.yml if necessary.
I hope this information is helpful to you.
Best regards.
If running Wazuh on Kubernetes and you need to change the default passwords look for the following files:
elastic-cred-secret.yaml
internal_users.yaml
wazuh-api-cred-secret.yaml
wazuh-authd-pass-secret.yaml
The one caveat is you have to base64 encode the password before updating in the aforementioned files. Afterward, do kubectl patch or apply and your password will be updated.

Keycloak gives "Username or password is wrong" error after pressed "unlink users" button

I'm using a standalone Keycloak 4.5.0 version on the Centos for providing secure-login with LDAP for a web application.
It was working successfully but when somebody After pressing the "unlink users" button on the Keycloak Admin Panel > User federation > LDAP, anybody can not log in with the LDAP username and password because it gives that "Username or password is wrong" error.
I tried to pressing "Sychronize All Users" button but there is no changing.
So i restarted to keycloak appication from server but the problem was not change.
I checked the server logs of keycloak and it gives that :
11:22:51,152 ERROR [org.keycloak.events.EventBuilder] (default task-1) Event listener 'user' registered, but provider not found .
so please help me for this login problem and give info about the unlink users button.
thx for responses.
It is not possible for keycloak to get the password from ldap. After the unlink process the password can't be checked anymore and the login would fail. You have to set the "password reset action" for the users to let them specify a new one.
An interesting approach for migrating users can be found here: Migrate to Keycloak with Zero Downtime
Apparently, it's possible to re-link the users manually via the database:
Go to COMPONENT table, and find the configuration name of your LDAP
configuration in User Federation. Copy the ID
Go to your USER_ENTITY table and query the account you want to
restore
On the FEDERATION_LINK column of the account data, paste the
COMPONENT id
Verify by hitting the "Synchronized all user" button in your User
Federation configuration page
Sample query to Find Federation ID from COMPONENT table based on REALM_ID with query: SELECT id FROM COMPONENT WHERE NAME = '<mapper-ldap-name>' AND REALM_ID = '<realm-name>';.
Sample query to update federation_link column in USER_ENTITY based on REALM_ID with query:
UPDATE USER_ENTITY SET FEDERATION_LINK = '<federation-id>' WHERE REALM_ID = '<realm-name>';
We solved it by deleting all users except admin using a shell script like this and then "Synchronize all Users". You could also delete them through UI if you still have admin access.
kcadm=/opt/keycloak/bin/kcadm.sh
$kcadm config credentials --server http://localhost:8080/auth --realm master --user admin
for x in $($kcadm get users -r myrealm|jq -r '.[].id'); do $kcadm delete users/$x -r myrealm; done

What are the safety measures that i need to do after giving a freelance developer access to my magento2 backend credential and FTP credential?

I gave a freelance developer the magento2 backend credential and FTP credential to outsource the development of a custom magento2 module. What are the safety measures that i need to do aside from changing the passwords of magento2 backend and FTP to prevent from being hacked in the future?
Ensure that You are giving an admin panel with new user and password for your freelancer's to work. That you can done from magento2 admin panel itself. If you are not done so, if you were gave admin master user name and password you should need to change the password of your admin by using following query.
UPDATE admin_user SET password = CONCAT(SHA2('xxxxxxxYourNewPassword', 256), ':xxxxxxx:1') WHERE username = 'admin';
For more to know about reset password go to the link
And definitely you have to change the FTP Credential too from your server back end.
The most taking care you can prohibit the admin login with IP address.
Hope these things are helpful to you.

Unable to reset WAS admin password. unable to login WAS console

I am unable to login inot WAS Admin console. So I am trying to reset the admin credential after disabling security(security.xml-enabled="false"), but unable to save the new password. Any idea what should I check and troubleshoot?
I tried entering the credentials on soap.clients.props, but no help. WAS version : 7.0
From
http://www-01.ibm.com/support/knowledgecenter/SS7JFU_7.0.0/com.ibm.websphere.messages.doc/com.ibm.ejs.resources.security.html?cp=SS7JFU_7.0.0%2F1-15-7-225
SECJ7342E: Failed to validate user/password
Explanation Failed to validate user password in WIM registry
Action None
The credentials that you entered do they exist in the WIM registry?
From the screen shot it appears that you are using the File Based registry. Check that the ID and passwords match the values in that File Registry.
If you disabled security, then restart your server, so it starts plain, unsecured and enable security again via console. There will be prompt to specify admin user and password (I'm assuming you are using default Federated repository with file based). Provide new password there and restart the server.
In the page you are showing now, leave Server user identity as default - Automatically generated. This is not page, where you change user password.
Settings in soap.clients.props are not related to password changing. Once you set new password via console, you can update that file, so you won't be prompted, when you stop server from the command line.
This technote is also helpful when forgetting your WAS Admin console password:
Forgot password and cannot access WebSphere Application Server administrative console
https://www.ibm.com/support/docview.wss?uid=swg21405302

cPanel /Host / Access to phpMyAdmin

I have a host and cPanel access but only one main user and password to cPanel.
I want to give someone access to phpMyAdmin but don't want to give that person my main user and password for cPanel.
Is there anyway to give someone access to phpMyAdmin but not cPanel?
The phpMyAdmin which comes with cPanel (in the 3rdparty-directory) is apparently secured with the cpanel-authentication, so the answer is "no".
You could install your own phpMyAdmin (maybe it's even available in the script-center/one-click-installer) and set it up to directly authenticate on the MySQL-server with your custom MySQL-user or just let your user enter his credentials which you have supplied.
As I was looking for an answer to this question, I found the following method that did the job for me:
How to access phpMyAdmin directly from my domain?
This worked well for me, although I'm using a different hosting provider then Siteground.
Steps I followed:
Downloaded the phpmyadmin installation package. I found the appropriate version, as hosted on my server at sourceforge.net/projects/phpmyadmin/files/phpMyAdmin
Extracted the package.
Uploaded the files into a suitable folder. I used: public_html/phpmyadmin/
Now, via the direct URL [http://yourdomain.com/phpmyadmin] I can strictly grant access to a specific database, I have created in cPanel (using the specific user name + password).
Please note this extra security measure:
For additional security we would also recommend you to Password Protect the directory in which the tool is installed.
You cannot give direct access to your phpMyAdmin without providing direct cPanel access as well.
This is a security measure from cPanel as phpMyAdmin is known to be one of the most exploited PHP applications of all time. It is only available after you start your session by logging into cPanel.
A nice work-around this is to do the following:
Create a MySQL User for the other person. Assign that MySQL User to your Database. Both of those are done through:
cPanel -> MySQL Databases
After that you need to allow access for the other person by adding his/hers IP address in your Remote MySQL Connection - this is also a tool in cPanel
After that the other person will be able to connect to your Database without direct access to your cPanel nor phpMyAdmin, it can be done using software like MySQL WorkBench
cPanel user account has a privileges to control all created databases under cPanel account, And because phpMyAdmin in cPanel is using cPanel authentication you are automatically redirected to the phpMyAdmin control page without asking for login info.
Your target could be done with changing cPanel password without changing mysql user password.
You can do the following steps :
1 - Create MySQL user and add this user to database with full privs.
2 - Create new cPanel account Login through new account Change new cpanel
3 - user password through "Change Password" And un-check Allow MySQL
password change.
4 - Click phpMyAdmin from the new cpanel account and you
will be asked for login info
5- Type the login info of the created mysql
user in step1.
You can now login to the required database without old account cPanel info.
There is another soln is to copy /usr/local/cpanel/base/3rdparty/phpMyAdmin to /usr/local/apache/htdocs and login through http://ip/phpMyAdmin
Don't forget to change the auth_type in /usr/local/apache/htdocs/phpMyAdmin/config.inc.php to http or cookie

Resources