|
|
|
If the application server is not running and PUPM is unavailable, you cannot use PUPM to check out privileged accounts. Instead, you can use pwextractor, the PUPM password extraction utility, to export privileged account passwords from the database. You can then use the passwords to log in to privileged accounts as usual or, for back up of privileged account passwords.
If you extract privileged account passwords from the database because PUPM is unavailable, you do not need to complete any post-recovery steps when PUPM is restored.
You install pwextractor when you install the Enterprise Management Server. By default, CA Access Control rules do not protect pwextractor, but you can write rules to protect it.
To use pwextractor, you must:
Note: You provide these credentials when you install the Enterprise Management Server.
You can use pwextractor whether CA Access Control Enterprise Management is running or stopped, and whether the application server is running or stopped. You can also run pwextractor remotely.
Note: For more information about pwextractor, see the Reference Guide.
Example: Extract Privileged Account Passwords from an Oracle Database
The following example extracts the privileged account passwords from an Oracle database and writes the output to the file C:\tmp\pwd.txt. The schema name is orcl and the database is located on host myhost.example.com. The Enterprise Management Server is installed on a Windows computer:
pwextractor.bat -h myhost.example.com -d orcl -t oracle -l joesmith -p P@ssw0rd -f C:\tmp\pwd.txt -k C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\config\com\netegrity\config\keys\FipsKey.dat
| Copyright © 2012 CA. All rights reserved. | Tell Technical Publications how we can improve this information |