-
Title
SharePlex alternative user authentication for CNC_ERR_INVALID_PASS error in SharePlex Manager -
Description
In SharePlex version 7.6.2, SharePlex supports a locally maintained user file that serves as an alternative authentication facility. This can be useful where there are security restrictions such that su, which is required for remote authentication, cannot be used.
SharePlex Manager web services log may contain below error
2015-06-12 14:11:19 ERROR:rails: RuntimeError (CNC_ERR_INVALID_PASS:cnc_tcp_connect() Invalid password (host=xxx.xxx.xxx.xx:2100)):
-
Cause
Documentation
-
Resolution
The locally managed SharePlex user file is stored in optdir/data and is named product-users. There is a default user in the file installed with the product. The user “shareplex”, password “manager”, has “observer” privileges (same as sp_view).
> cat data/product-users
# SharePlex user registry file.
# Format:
# <username>:<password>:<role>
#
# Where <role> may be one of the following:
# administrator - The user has full control
# operator - The user has limited control
# observer - The user can only browse the information
#
shareplex:jt9ajM5VKJiQ.:observer
To add a user that can administer SharePlex, edit the file and add a line for the user, the encrypted password, and the role, separated by the ‘:’ character. If only the username and encrypted password are provided, SharePlex will assign the “observer” role to that user.
Password encryption can be generated on any Unix-based system using the htpasswd facility if it is installed. Note that the password must be encrypted using htpasswd’s default encryption for Unix - CRYPT.
> htpasswd -nbd shareplex manager
shareplex:QKQqRH8YBzHjk
To avoid having to create any user at the OS level, try using shareplex/manager in discovery as the user and password is already stored in product-users
[ORA11GR2@servername]/home/username/prod80/data> cat product-users (where the path is an example taken from a server)
# SharePlex user registry file.
# Format:
# <username>:<password>:<role>
#
# Where <role> may be one of the following:
# administrator - The user has full control
# operator - The user has limited control
# observer - The user can only browse the information
#
shareplex:jt9ajM5VKJiQ.:observer
splex_level_three:BfIVjpW4I4XGA:observer
NOTE: If a Unix-based system with htpasswd is not available, the password can also be encrypted by any htpasswd generator that can be found on the net, as long as that generator has the ability to encrypt using CRYPT. SharePlex user authentication does not support passwords encrypted using SHA encryption or MD5 encryption, which is the default encryption for windows.
-
Defect ID
100755