You are here

Getting secret store to automatically kick off

Submitted by wendy on Wed, 05/05/2010 - 11:47

We built a homegrown app for our remote helpdesk to use to change users passwords. The app does a LDAPmodify on userPassword, sets the pdscredentialExpire to true, clears our the PdsAccountStatus field & sets pdsAccountCredentialChanged to today's date/time.
Everything was working great and we recently discovered one glitch. It does not initiate a secret store recovery. We are using the SCT resource connector to CPIP to SSB and the password change not done thru the Luminis GUI seems to be breaking the SSO. We keep getting a "CPIP Notification: Unable to lookup user's credentials".

Anyone experience this?

Also going to middletier type SSO is currently not an option & we are on Lum IV.2.1.125.

Thanks
Wendy

Luminis Version:

There is a mechanism for automating secret store recovery. The key is the following cptool command:

cptool configure secretstore -ar=1 system

See page 3-74 for the 4.2.1 admin guide for details, but it basically says the system is the only required recovery agent.

Hi -
This only works if you modify the Luminis password with the native Luminis applications such as PRU or the Admin GUI.
We are trying to change the Luminis password with a homegrown external app. The app successfully changes the Luminis password, but does not kick of the secret store recovery.

Thanks
Wendy

Sorry to bump a old post but I was wondering if anyone has run into this issue. We are on 4.3.0.147 and this semester we have had a lot of cpip issues and can not seem to track it down as to what is causing the issue.

Mike