Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

It is expected security practice to change passwords when a developer leaves. These check-lists and notes are from the last time this was done--circa Apr 23, 2018. Changes in bold require downtime. All other changes may be made without impact to production operations.

...

HQ production environment

  • HQ password safe password reset.
  • LIMSHQ modify tasweb credential on all Tomcat servers.
  • BuildHQ dev password reset.
  • NEXUS HQ change credential for upload, server management.
  • Oracle LIMSHQ schema passwords to be changed: LIMS, OPS, DESCINFO2, SPLAT, PUBLISH, PITALOG, TRANSFER--30 character random passwords are supplied from the Password Safe credential generation policy.
  • LIMSHQ Tomcat instances: remove manager app, tomcat-users.xml, edit logging.properties to match, remove tomcat-users reference from server.xml
    Will only need to be done again on release of new distributions of Tomcat.
  • Generate credential hashes for webapp usage for WRITER, SDRMREAD via

    Code Block
    /reference/EncryptString-eg?s=credential-to-obfuscate


  • LIMSHQ modify context.xml hashes for new oracle passwords.
  • Oracle LIMSHQ schema passwords to be changed: SDRM.
    Requires Tomcat host shutdown, application rebuild, deployment, and test.
    SDRMREAD requires an associated change in Tomcat context.xml.
  • Oracle LIMSHQ schema passwords to be changed: WRITER, SDRMREAD.
    Requires Tomcat host shutdown, then Oracle password change and verification, then context.xml modification, then restart Tomcat, then spot check applications.
  • Oracle LIMSHQ schema passwords to be changed: ConfluenceOwner.
    Requires Confluence shutdown, then Oracle password change and credential change in Confluence configuration--c:\srv\Confluence\confluence.cfg.xml--look for hibernate properties for username and password. Then Confluence may be restarted.

HQ test environment

  • SHORT modify tasweb credential on all Tomcat servers.
  • Oracle SHORT schema passwords to be changed: LIMS, OPS, DESCINFO2, SPLAT, PUBLISH, PITALOG, TRANSFER.
  • Generate credential hashes for webapp usage for WRITER, SDRMREAD (same service as above).
  • SHORT Tomcat instances: remove manager app, tomcat-users.xml, edit logging.properties to match, remove tomcat-users reference from server.xml
    Will only need to be done again on release of new distributions of Tomcat.
  • SHORT modify context.xml hashes for new oracle passwords.
  • Oracle SHORT schema passwords to be changed: SDRM.
    There is no live SaDR host in this environment--just change the database credentials.
  • Oracle SHORT schema passwords to be changed: WRITER, SDRMREAD.
    Requires Tomcat host shutdown, then Oracle password change and verification, then context.xml modification, then restart Tomcat, then spot check applications.
  • Oracle SHORT schema passwords to be changed: ConfluenceOwner.
    Requires Confluence shutdown, then Oracle password change and credential change in Confluence configuration--c:\srv\Confluence\confluence.cfg.xml--look for hibernate properties for username and password. Then Confluence may be restarted.

Account removals

  • Shared Mac RF52890 -- A232b.
  • VPN access to ship -- managed by the MCS.
  • Build HQ
  • Build JR
  • Subversion account
  • Confluence account disabled and removed from any group
  • Authorizations removed from Trello
  • Authorizations removed from Google ocean-drilling.org sites
  • Exchange lists: programmers, developer
  • Exchange lists: jr_programmers, jr_developer

Credential changes SHIP

LIMSJR production environment

...