If IBM Security Privileged Identity Manager cannot establish a connection with the managed endpoint because a network adapter is not working, or because the adapter is not configured correctly (for example, with a wrong password), the PIM Manager might want to view the password for the endpoint to regain control.
The following scenarios describe the possible workarounds that the PIM Manager can use to view the password for an endpoint.
Workaround for a scenario with a connection problem with a pending check-in
Scenario
- As a privileged user, James checks out a credential for a Linux host with the self-care interface.
- To simulate a connection problem, as a PIM Manager, log in to the administrator console. Tamper with the Service profile for the host by changing the adapter password to an invalid password. IBM Security Privileged Identity Manager cannot connect to the host.
- As a privileged user, James checks in the account with the self-care interface. The In Process message is displayed. Under View Requests, a Check-In event with status Pending is displayed for James. James can no longer see the credential when View Password is selected, and cannot check in the credential again.
- For the PIM Manager, in the administrator console, the credential is still checked out to James, but the Check-In option is disabled.
Solution
- As a PIM Manager, complete the following tasks:
- Go to View Requests to cancel the pending request from James. The Check-In command for the credential is enabled.
- Disconnect the credential from the resource.
- Click Check-In for the disconnected credential.
- When James attempts to check out credentials, the credential is available for selection again.
- James checks out the credential again, and can see the most recent password.
Workaround for a scenario with a configuration problem with a check-in that is completed with a warning
Scenario
- As a privileged user, James checks out a credential for a Linux host with the self-care interface.
- To simulate a configuration problem, as a PIM Manager, log in to the administrator console. Tamper with the Service profile for the host by changing the IP address without providing a new password. IBM Security Privileged Identity Manager cannot connect to the host.
- As a privileged user, James checks in the account with the self-care interface. The message Completed with warning is displayed. Under View Requests, there is a Check-in event with the Warning status for James. The error message Missing userPwd attribute in request is displayed. James can still see the credential when View Password is selected, and can still try to check in again.
- For the PIM Manager, in the administrator console, the credential is still checked out to James, and the Check-In command for the credential is enabled.
- When the PIM Manager clicks Check In, the credential remains checked out by James. Under View Requests, there is a check-in event with status Warning for the PIM Manager. You cannot clear the requests, because the requests are presumably completed, although with a warning.
Solution
- As PIM Manager, complete the following steps:
- Disconnect the credential from the resource.
- Check in the disconnected credential.
- In the self-care interface, James notices that the credential is checked in and is available for check-out again.
- James checks out the credential again, and can see the most recent password.