One of the features we introduced in SSO Plugin 4 was heavy warnings on the SSO Plugin status page if the user had not changed the default 'arsystem' Mid Tier configuration password. You can google and find a number of Mid Tiers with it still running on the default password.
Also, we recently picked up another customer who'd spent six months trying to make AtriumSSO work. During the evaluation installation webex, we were horrified to find someone at BMC had changed the file ownership of AR System and the Tomcat running Mid Tier to root, and told the customer that AtriumSSO required everything to run as root (which is hopefully complete nonsense). An installation of SSO Plugin lasted 2 hours - with 1.5 hours spent cleaning up the mess, securing the installation etc. So none of this surprises me :) _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"