It is expected security practice to change passwords when a developer leaves. These check-lists and notes are from the last time this was done--circa Apr 23, 2018. Changes in bold require downtime. All other changes may be made without impact to production operations.
...
HQ production environment
- HQ password safe password reset.
- LIMSHQ modify tasweb credential on all Tomcat servers.
- BuildHQ dev password reset.
- NEXUS HQ change credential for upload, server management.
- Oracle LIMSHQ schema passwords to be changed: LIMS, OPS, DESCINFO2, SPLAT, PUBLISH, PITALOG, TRANSFER--30 character random passwords are supplied from the Password Safe credential generation policy.
- LIMSHQ Tomcat instances: remove manager app, tomcat-users.xml, edit logging.properties to match, remove tomcat-users reference from server.xml
Will only need to be done again on release of new distributions of Tomcat. Generate credential hashes for webapp usage for WRITER, SDRMREAD via
Code Block /reference/EncryptString-eg?s=credential-to-obfuscate
- LIMSHQ modify context.xml hashes for new oracle passwords.
- Oracle LIMSHQ schema passwords to be changed: SDRM.
Requires Tomcat host shutdown, application rebuild, deployment, and test.
SDRMREAD requires an associated change in Tomcat context.xml.
- Oracle LIMSHQ schema passwords to be changed: WRITER, SDRMREAD.
Requires Tomcat host shutdown, then Oracle password change and verification, then context.xml modification, then restart Tomcat, then spot check applications.
- Oracle LIMSHQ schema passwords to be changed: ConfluenceOwner.
Requires Confluence shutdown, then Oracle password change and credential change in Confluence configuration--c:\srv\Confluence\confluence.cfg.xml--look for hibernate properties for username and password. Then Confluence may be restarted.
HQ test environment
- SHORT modify tasweb credential on all Tomcat servers.
- Oracle SHORT schema passwords to be changed: LIMS, OPS, DESCINFO2, SPLAT, PUBLISH, PITALOG, TRANSFER.
- Generate credential hashes for webapp usage for WRITER, SDRMREAD (same service as above).
- SHORT Tomcat instances: remove manager app, tomcat-users.xml, edit logging.properties to match, remove tomcat-users reference from server.xml
Will only need to be done again on release of new distributions of Tomcat. - SHORT modify context.xml hashes for new oracle passwords.
- Oracle SHORT schema passwords to be changed: SDRM.
There is no live SaDR host in this environment--just change the database credentials. - Oracle SHORT schema passwords to be changed: WRITER, SDRMREAD.
Requires Tomcat host shutdown, then Oracle password change and verification, then context.xml modification, then restart Tomcat, then spot check applications. - Oracle SHORT schema passwords to be changed: ConfluenceOwner.
Requires Confluence shutdown, then Oracle password change and credential change in Confluence configuration--c:\srv\Confluence\confluence.cfg.xml--look for hibernate properties for username and password. Then Confluence may be restarted.
Account removals
- Shared Mac RF52890 -- A232b.
- VPN access to ship -- managed by the MCS.
- Build HQ
- Build JR
- Subversion account
- Confluence account disabled and removed from any group
- Authorizations removed from Trello
- Authorizations removed from Google ocean-drilling.org sites
- Exchange lists: programmers, developer
- Exchange lists: jr_programmers, jr_developer
Credential changes SHIP
LIMSJR production environment
...