PolicyCenter Passwords and Interface Security
Limit access to individual PacketShapers and PolicyCenter configurations
by setting passwords and securing the interfaces. PolicyCenter users the following
|| Allowed Functions
| PolicyCenter User Login passwords
|| Depending upon their individual roles, users can either modify or view PolicyCenter configurations of individual PacketShapers through their web-browser or command-line interfaces. Users
with a look role password cannot change the configurations, and do not
have access to individual units. Users with a touch role can access and modify PolicyCenter configurations and
individual units in shared mode. A PolicyCenter user's login password can only be changed from PolicyCenter, unless the user login uses RADIUS authentication. See Modify a PolicyCenter User Account.
| PacketShaper passwords
|| A look or touch password can be defined for a PolicyCenter
configuration and inherited by all PacketShapers assigned to that configuration. PacketShaper passwords can also be configured from the command-line or browser interfaces of each individual unit. See Change Security Settings for PolicyCenter Configuration, below.
| Directory Server Password
|| Use this password to manage the connection between PolicyCenter and the Directory Server. The Directory Server password can be changed
from PolicyCenter and the Sun Directory Server console. See Change the Directory Server Password, below.
| Directory Server Administrator
|| The directory server administrator manages the Directory Server from the Sun ONE Directory
Server console. Note the default user ID and password are both admin.
Note: If a PacketShaper is changed to local mode, you will no longer be
able to view or modify the unit with the PolicyCenter Directory Server password.
To reenable the directory server password for the PacketShaper, access the unit using
its touch password and then return it to shared mode.
Change Security Settings for PolicyCenter Configurations
To view or update passwords or interface security settings
for a PolicyCenter configuration:
- Access the PolicyCenter browser interface and click the Configurations
- Choose a configuration from the configuration tree in the left pane of the Setup window.
- From the right pane, select the Setup tab.
- From the list of setup pages, select Security. The
available security settings appear on the Setup window. show screen
- Verify or modify configuration
- Click apply changes to update the settings.
Change the Directory Server Password
To change the directory server password:
- Click the Setup tab in PolicyCenter.
- From the left pane, select the Core Directory Server Setup Category.
- Enter the Old Password, then type the New Password.
The password can be up to 64 alphanumeric characters, including 0-9, A-Z, a-z, spaces, periods, underscores, and dashes.
- Confirm the new password by entering it a second time in the Confirm New Password field.
- Click change password. You must now exit PolicyCenter, then
log in to PolicyCenter again with your same user name and login password.
Forgot Your Directory Server Password?
If you forget your Directory Server password for PolicyCenter, follow the instructions below.
Directory Server 5.2
- Run the Directory Server Console program.
(Start > Programs
> Sun ONE Server Products > Sun ONE Console)
- Provide the user ID and password. The default user ID and password
are both admin.
- In the main Console page, expand the Server Group folder.
- Double-click Directory Server in the tree on the Console page.
The Directory Server window will open.
- Click the Directory tab. show screen
- Double-click the iqos folder in the directory tree on the
left. show screen
- Double-click pscfgw in the list on the right-hand side of the
Directory page. This will open the pscfgw Edit Entry window.
- Set the Password field to a new
password, then click OK.
- Access the PolicyCenter command-line interface (Start >
Programs > Blue Coat PolicyCenter> PolicyCenter Client).
- Log in to PolicyCenter with your existing user name and password, and enter any command; this causes the
new directory server password to take affect.
You should now be able to subscribe units to the directory server using this
Directory Server 7.0
- Log in to the PolicyCenter Client and disconnect it from the directory server using the command:
- Navigate to:
<install directory>\Program Files\Sun\DSEE.7.0.Windows-X86-zip\DSEE_ZIP_Distribution\sun-dsee7\dsee7\dsrk\bin
- Open the acispwd.txt file. Instead of password in the userPassword field, enter the new password.
- Save and close the acispwd.txt file.
- In a command window, navigate to:
<install directory>\Program Files Sun\DSEE.7.0.Windows-X86-zip\DSEE_ZIP_Distribution\sun-dsee7\dsee7\dsrk\bin
- Enter the following command:
bin\ldapmodify -h <IP address of Directory Server 7> -p 389 -D cn=dsadmin -w password -f <the entire path to the acispwd.txt>
- Connect PolicyCenter back to the directory server, either through the PolicyCenter Client or the browser interface, using the new password. To reset the connection between PolicyCenter and the directory server, go to the directory server machine and do one of the following:
Access the PolicyCenter command‐line interface and issue the command:
config set localhost <password>
Or type http://localhost/ on the browser address bar and complete the getting started setup.
- Use the new password you set in the acispwd.txt file to connect to the directory server from a PacketShaper appliance.
Note: The unit configurations that were part of PolicyCenter before the password change will complain of invalid credentials. You will need to reconnect the units to the directory server with the new password.
To change security settings for the PolicyCenter software itself, see
Modify HTTPS Settings for PolicyCenter
Configure RADIUS for PolicyCenter
Change the Directory Server Host