Many times I wished that the MT Password along with the other 2 configurable passwords, Application Password and whatever else, were network accounts whose passwords were maintained in the LDAP.
Joe

_____

From: Action Request System discussion list(ARSList) [mailto:arslist@ARSLIST.ORG] On Behalf Of Steve Kallestad
Sent: Tuesday, March 12, 2013 4:17 PM
To: arslist@ARSLIST.ORG
Subject: Re: Mid Tier administration password

Good point John. I rarely see a default in a production environment anymore, but in sandbox and development environments...

I saw Matt Laurenceau posted about passwords today as well - https://plus.google.com/u/0/111882191091175150723/posts/42YkKdvjM1M?hl=en

Personally, I recommend using something like keepass to generate and maintain passwords like this. It has functionality to set expirations and alert you to change them. It's better if there's an enterprise solution in place, but barring that, keepass is a heck of a lot better than storing the passwords in a shared spreadsheet, using the same password over and over, or trying to remember your password after not using it for a month.

It's free/open source: http://keepass.info/ and there are browser integrations and various password generators.

Question for you - what does your SSO solution do that the OOB solution does not? (the one linked in your signature)

On Tue, Mar 12, 2013 at 12:55 PM, John Baker <jba...@javasystemsolutions.com> wrote:

Hello,

I found this couple of paragraphs in an SSO Plugin newsletter and thought it was worth sharing.

We see a lot of Mid Tier deployments and have noticed that the Mid Tier configuration password is almost never changed from the default value, arsystem. This poses a security risk, particularly when running a Mid Tier on the Internet - it doesn't take long to find a few public Mid Tiers with the default administration password.

SSO Plugin displays a warning on the status page when the default password is set, so if you haven't changed your Mid Tier administration password, why not change it now?

John

--
JSS SSO Plugin for BMC, HP, CA, Kinetic, Jasper and more.
http://www.javasystemsolutions.com/jss/ssoplugin