Mixed authentication support
Article ID: 416448
Updated On:
Products
CA Harvest Software Change Manager
Issue/Introduction
I would like to have a specific user setup so that it is not subject to existing authentication requirements. The existing environment is configured for LDAP integration, and has a policy for password reset every 30 days. The given user of interest would not be subject to such requirements. Is there a way to allow this in Harvest
Environment
Release: 14.5 and above
CA Harvest Software Change Manager
Resolution
While Harvest cannot override authentication requirements of the LDAP server, what can be done is to create a user that is authenticated internally (by Harvest instead of LDAP) and then to set Harvest to override the password policy for the internal user. Here's how.
- Use the Harvest Administrator Tool to create a new user. Make sure the "External Authentication" checkbox is not checked. Add this new user to any user groups that are needed.
- Execute the "hppolget" command to extract the Harvest password policy settings to a text file.
- Edit the text file and append to the bottom in the "# User-Level Overrides" section a line with
<username>.
Save and close the file.passwordneverexpires = true - Execute the "hppolset" command to import the updated password policy settings to Harvest.
Additional Information
For this to work, the following setting must exist in the HServer.arg file
-mixedauthmode=1
This allows for authentication for both internal users and LDAP users. If you change this setting you will need to restart the broker for it to take effect.
Feedback
Yes
No
Powered by
