Configure one policy manger user password not to expire

book

Article ID: 195950

calendar_today

Updated On:

Products

CA API Gateway API SECURITY CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7) CA API Gateway Enterprise Service Manager (Layer 7) STARTER PACK-7 CA Microgateway

Issue/Introduction


We have several users in CA Portal Gateway. In the settings we've set our users password to expire every 90 days. This is right and we are compelled to do so by our policies.

However we have one of the users whose password we want not to expire.

When it does it causes alerts since it's used by our monitoring system.

Is it supported to bypass the expiration policy for one of the users?

 

Cause

By default the admin user will not expire however rest of the user password will by default expire in 90 days. Please refer to 1 and 2 in reference.

Environment

Release : 9.4

Component : API GATEWAY

Resolution

The can be two approach to solution

I ) If the user is not existing

1. Take a backup of the whole table

mysqldump ssg internal_user > internal_user.sql

2. open the file internal_user.sql and check if the file is correctly populated.

3.confirm the username of user you want to change

select * from internal_user \G;

4. update internal_user SET password_expiry = -1 WHERE name = '';

 

II) If user is not existing in policy manager

1. First turn off the password expiry - uncheck the box as shown before .

2. Then create a new user.

 

3. Go to db and double check  , it should show like

expiration: -1
password_expiry: -1
change_password: 0

4. Then check the password policy again.

Additional Information

1) https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/security-configuration-in-policy-manager/tasks-menu-security-options/manage-password-policy.html

2) https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-api-management/api-gateway/9-4/reference/pci-dss-implementation-guide/access-control-and-gateway-management/internal-users-for-gateway-administration.html