A utility to change user account passwords.
Michael Nellis (mrnellis@us.ibm.com), Senior Technical Service Specialist, IBM
In any IBM® Rational® ClearCase® environment that uses Microsoft® Windows®, ClearCase requires a Windows user account to start the ClearCase Atria Location Broker Daemon (ALBD) service. This article explains one way of changing the ALBD password, which you typically must do frequently for security.
One of the tasks of IBM® Rational® ClearCase® administrators when working in Microsoft® Windows® environments is managing the account required to start the IBM Rational ClearCase Atria Location Broker Daemon (ALBD) service. Most companies' security policies require that all account passwords must change periodically, typically about every 90 days, and the ClearCase password is usually no exception, of course. Changing the password every 90 days is relatively easy, but the fact that this change must now be propagated to tens, hundreds, or even thousands of Windows clients can make it a difficult and time-consuming task. There are numerous ways to automate this task, though, and each has its own pros and cons. This article explains one method (see Resources for an article about alternatives).
IMPORTANT NOTICE: Please read the license.txt file that is part of the zip package for this utility.
This utility is provided "as-is" and there is no support provided for this by IBM Rational. This utility may modify the Microsoft Windows registry settings as well as potentially change a Microsoft Service process definition. Changing these registry and service settings through the use of this utility involves some element of risk and may result in problems and errors occuring during the execution of Windows. Anyone running this utility needs to be aware of the potential risks.
Rational ClearCase has three services, or processes, that must run in the background on a Microsoft Windows platform:
- The lock manager (lockmgr)
- The credentials manager (cccredmgr)
- The ALBD service
The last one, the ALBD service, requires a Windows user account with ClearCase privileges to function properly. In the definition of this service, during ClearCase installation, the ClearCase administrator must specify the name of this privileged account, the password, the Windows domain, and the Windows group for this account. In some cases, only the password will ever change for this account. In other installations, there may be a requirement to change another or all of these values.
Note: To change these values, you need administrator's rights on the Windows client machine.
A utility to automate password changes
To make changing multiple ClearCase passwords easier, you can use a utility (ccalbdpw.exe) that resides on the client software. The utility reads a sitedefs.dat file on a network release area and simply updates the Windows registry information for the ALBD service. The utility must be executed using an account that has permission to change the registry values.
To use this utility, you follow this three-step process:
- Change the Windows ALBD service account password.
- Update the ClearCase network release area with the new password by copying the
sitedefs.datfile to theSETUPdirectory in the network release area. - Run the password update utility (
ccalbdpw.exe) on each client.
The ccalbdpw.exe utility reads the new password value from the SETUP\sitedefs.dat file and updates the Windows registry value. The new password value takes effect when you reboot the machine or when you stop and restart the ClearCase services.
Advantages of the using this utility
The advantages of this utility are that the password is secure and that the utility works with the existing ClearCase installation information on your workstation. If you prefer, you can modify the script for this utility to run on every reboot of a workstation and automatically pick up any changes.
To make maintenance tasks of the ALBD service account easier, this script also enables you to change this data in the Windows registry:
- Password
- ALBD service account name
- ALBD group name
- Path to the network release area
This script was designed to be used with Microsoft Systems Management Server (SMS) and other installation or upgrade tools. It also provides a detailed error message if a problem occurs.
Contents of the compressed utility file
This password change utility currently supports Rational ClearCase Windows version 2003.06 and version 7. The .zip file included as a download with this article contains these elements:
- A Windows executable file for the utility
- A
readme.txtfile with a detailed instructions and a complete listing of all error codes - A
license.txtfile that indicates that this is an as-is utility; therefore, does not include IBM Rational technical support
No comments:
Post a Comment