Netbrain
Home NetBrain Product One-Skill-at-a-Time Search Mark Forums Read
Go BackThe Net-BrainerNetBrain Product OE functionality with out Global Credentials

Reply
 
Thread Tools Search this Thread Display Modes
Old 09-16-2010, 02:06 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default OE functionality with out Global Credentials

At most companies, security best practices prohibit the use of shared userids or passwords.

OE allowed us to meet the security requirements by giving us an option to uncheck the "Can use Global Telnet/SSh Credential". And control this centrally.


The next step is to restore the functionality that was lost (retrieve live data, traceroute from, find path, ping from...)

Is there a way to prompt for userid and password if the OE user is not allowed to use the Global Credentials... or if OE has no credentials stored for the device/ip address?
Reply With Quote
Old 09-16-2010, 02:07 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default Re: OE functionality with out Global Credentials

the option to use local credentials would also be useful.
Reply With Quote
Old 09-16-2010, 02:33 PM
Abraham L Abraham L is offline
 
Join Date: May 2009
Posts: 49
Default Re: OE functionality with out Global Credentials

Hi, Recoyle,

The user can enter the username/password in his OE Workstation and these username/password are only saved in his local Workstation and not shared by others. He can use this credentials for all functions related to the live network.

Hope that it can help.
Reply With Quote
Old 09-16-2010, 09:28 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default Re: OE functionality with out Global Credentials

The user can only enter their own id and password in the TELNET/SSH tool. There is no way to do this in the other tools I listed. (retrieve live data in a qmap, traceroute from and others.)
Reply With Quote
Old 09-16-2010, 09:30 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default Re: OE functionality with out Global Credentials

If there is another way to do this please let me know.
Reply With Quote
Old 09-16-2010, 10:43 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default Re: OE functionality with out Global Credentials

After further testing, Maybe what I need is clear documentation on when network setting lilke userids and passwords are shared and when they stay local. I was under the impression that when you add userids and password on the oe client they are shared with the server (and other users). Is this true or only true under certain circumstances (eg when the client is a admin users or when it has "use global credentials" enabled)?

if a user adds their own local userid and password, do they have to "tune live access" for all device to automatically use their local IDs?

It would still be useful if you could prompt for userid and password if no credentials are assigned on that client.
Reply With Quote
Old 09-17-2010, 09:38 AM
Abraham L Abraham L is offline
 
Join Date: May 2009
Posts: 49
Default Re: OE functionality with out Global Credentials

Hi, Recoyle,

Only if the user has the role of administrator, he has the right to enter the shared (global) network setting. For other users such as one with engineer role, he does not have right to enter the shared network setting, however he can enter the username/password pair which can only be used in his Workstation. And he can run Tune Live Access for all devices to pick up the correct local credentials.

Hope that this helps,

Thanks,
Reply With Quote
Old 09-17-2010, 01:43 PM
recoyle recoyle is offline
 
Join Date: Jun 2010
Posts: 50
Default Re: OE functionality with out Global Credentials

Yes very helpful.

Added feature requests.

1. Could you add code to prompt for userid and/or password if the OE client finds no valid credintials.

All of our support staff use one-time tokens (i.e. every password they use is different every time) so it is not possible to configure fixed userid and passwords.

2. Provide another user option on the server that allows clients to use global credentials for all tools EXCEPT telnet/ssh.

This would provide the abilty for support users to do discoveries, retrieve live data, traceroute (as allowed in the users "Functions"), but does not allow them to telnet and make changes to devices using the shared userid. Preventing users from making changes with a shared ID is the real requirement.
Reply With Quote
Old 09-23-2010, 11:38 PM
Elton Elton is offline
 
Join Date: May 2009
Posts: 20
Default Re: OE functionality with out Global Credentials

Very good suggestions, we'll add the requirements to our future release.
Thanks.
Reply With Quote
Reply

Bookmarks

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Forum Jump

All times are GMT -4. The time now is 04:52 PM.
Powered by vBulletin
Copyright 2000-2010 Jelsoft Enterprises Limited.
Copyright 2009 NetBrain, Inc. All rights reserved.