Have a requirement to reset passwords

Article ID: 222336

Updated On:

Products

CA Harvest Software Change Manager

Issue/Introduction

We have a requirement to reset our Harvest passwords.  How can we do this?

Environment

Release : 13.0

Component :

Resolution

Looking at the 4 types of userids that Harvest normally uses, we can learn how to reconfigure Harvest when those passwords change: 

  1. The userid and password that is used to login to Harvest
  • This is used when logging into one of the GUI tools such as Workbench or Administrator Tool, or when using one of the command line utilities.
  • With Workbench or Administrator Tool the user would just type in their login credentials to get logged in. 
  • With command line utilities the userid and password can be included on the command line with the “-usr” and “-pw” options, or it can be stored in an encrypted password file and used that way with the “-eh” option.  If your Harvest system uses any custom scripts or UDPs, you should check those carefully for any Harvest command line utilities that might need to be updated.
  • If Harvest is using the “internal” authentication mode, the userids and passwords are stored inside the Harvest database and passwords can be changed using the Administrator Tool or the “husrmgr” command line utility.
  • If Harvest is using the “openldap” authentication mode, the userids and passwords are maintained in the Active Directory or LDAP system and must be changed there.
  • You can learn whether Harvest is using “internal” or “openldap” authentication mode by checking the %CA_SCM_HOME%\HServer.arg file and finding the “-authmode” option.
  • To update any encrypted password files you would use the “svrenc” command line utility: https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/harvest-scm/13-0/command-reference/get-started-with-ca-harvest-scm-commands/svrenc-command-encrypt-user-and-password-credentials-to-a-file.html 
  2. The userid and password that Harvest uses to login to the database
  • Harvest uses this information to connect to the database server that is hosting the Harvest database.
  • This userid and password are stored in a hidden file in the %CA_SCM_HOME% folder called “hsvr.dfo”.
  • If your database server is Oracle:
    • This needs to be the userid that is the “schema owner” for the Harvest database.
    • The password is changed by your DBA or by logging into SQL Plus and executing the “ALTER USER … IDENTIFIED BY …;” command.
  • If your database server is SQL Server:
    • I think this is more flexible, but must be a valid userid and password
    • The password can be changed using SQL Server Management Studio
  • After your Harvest database password has changed, you will need to use the “svrenc” command line utility with the “-s” option to create a new encrypted password file for Harvest to use.  Then stop the broker and restart. 
  3. The userid and password that Harvest uses to connect to the LDAP server (if you’re configured to use “openldap” as your authentication mode)
  • Harvest uses this to login to the LDAP server for purposes of querying and authenticating users.
  • The userid that Harvest will use for this is found in the %CA_SCM_HOME%\HServer.arg file, the “-ldapbinddn” option.  It will need to be listed as the user’s “distinguished name” as it is found in the LDAP directory.
  • The password that Harvest will use for this is also found in the %CA_SCM_HOME%\HServer.arg file.  The HServer.arg file will either list the password in plain text with the “-ldapbindpw” option, or it will list the name of an encrypted password file containing the password with the “-ldapbindpwfile” option.
  • To update, use the “svrenc” command to create a new encrypted password file. 
  4. The userid and password that Harvest uses to connect to a remote agent machine
  • Harvest uses this to connect to a Harvest agent service on a remote server for purposes of deploying files.
  • Look for any checkout (hco), checkin (hci), synchronize (hsync) or hrefresh commands in scripts or UDPs and either update plain text passwords or encrypted password files accordingly.
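Before rotating, it helps to inventory where credentials are stored. The following is an added example, not part of the original article or a Broadcom tool: it reads the HServer.arg options named above and flags script lines that pass “-pw” in plain text or “-eh” with a password file. It assumes HServer.arg holds one “-option=value” entry per line; the file names and sample values are constructed placeholders.

```python
import re

# Harvest utilities and credential options named in the article.
HARVEST_CMD = re.compile(r"\b(hco|hci|hsync|hrefresh|husrmgr)\b", re.I)
PLAIN_PW = re.compile(r"(?<!\S)-pw\b")
ENC_FILE = re.compile(r"(?<!\S)-eh\b")

def parse_hserver_arg(text):
    """Parse '-option=value' lines (assumed layout) into a dict."""
    opts = {}
    for line in text.splitlines():
        m = re.match(r"\s*-(\w+)(?:\s*=\s*|\s+)?(.*)$", line)
        if m:
            opts[m.group(1).lower()] = m.group(2).strip()
    return opts

def audit_hserver_arg(text):
    """Summarise which stored credentials HServer.arg points to."""
    opts = parse_hserver_arg(text)
    return {"authmode": opts.get("authmode", "(not set)"),
            "bind_dn": opts.get("ldapbinddn"),
            "plaintext_bind_pw": "ldapbindpw" in opts,  # should move to a svrenc file
            "bind_pw_file": opts.get("ldapbindpwfile")}

def scan_script(name, text):
    """Return (file, line, command, kind) per Harvest call that passes credentials."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        cmd = HARVEST_CMD.search(line)
        if not cmd:
            continue
        if PLAIN_PW.search(line):  # the password value itself is never reported
            hits.append((name, n, cmd.group(1).lower(), "plaintext -pw"))
        elif ENC_FILE.search(line):
            hits.append((name, n, cmd.group(1).lower(), "encrypted file -eh"))
    return hits

# Constructed sample input; values are placeholders, other arguments omitted.
SAMPLE_ARG = """-authmode=openldap
-ldapbinddn=cn=harvest-svc,ou=service,dc=example,dc=com
-ldapbindpw=PLACEHOLDER
"""
SAMPLE_SCRIPT = """rem constructed deploy script
hco -usr deploy -pw PLACEHOLDER
hsync -eh deploy.dfo
"""

if __name__ == "__main__":
    print(audit_hserver_arg(SAMPLE_ARG))
    for hit in scan_script("deploy.bat", SAMPLE_SCRIPT):
        print(hit)
```

Lines reported as “plaintext -pw” need the new password typed in or, better, a switch to “-eh”; lines reported as “encrypted file -eh” need the referenced file regenerated with “svrenc”.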