Novell Home

My Favorites

Close

Please to see your favorites.

Security Vulnerability: Novell Identity Manager engine installation leaves admin tree credentials in a file.

This document (7006705) is provided subject to the disclaimer at the end of this document.

Environment

Novell Identity Manager 3.6.1

Situation

When installing Novell Identity Manager (IDM) the installer prompts for credentials to the tree where IDM is being installed.  This is done so that schema can be extended for the IDM product within eDirectory.  A log file for the installation is written to /tmp/idmInstall.log which contains the steps taken during the installation and in some cases contains the credentials as entered by the administrator.

Resolution

The log file is not needed by IDM or any other product after the installation is complete and is used for troubleshooting failures during the install.  It should be removed once the installation is completed.  The file is, by default, at the following location:

/tmp/idmInstall.log

This location may change based on the system environment variables but should be in the defined temporary directory in any case.

This is currently resolved in IDM 4.01.  If there is another patch for IDM 3.6, this will also be included there.  There is no guarentee that there will be another 3.6 patch released at this time.  The suggestion is to upgrade to IDM 4.01

Status

Security Alert

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7006705
  • Creation Date:23-AUG-10
  • Modified Date:11-JUN-13
    • NetIQIdentity Manager

Did this document solve your problem? Provide Feedback