change username and password

Hi
If I want to change the username and password from admin, ofbiz to something else, in which files should I change.

Thanks



     

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

admin is a user login not a party ID.
if you want to change the seed data
/framework/security/data/securitydata.xml
otherwise you can go into the partymgr lookup the admin party and go
through the logins for each admin login and change the password there.

adithi agarwal sent the following on 1/15/2009 1:12 PM:
> Hi
> If I want to change the username and password from admin, ofbiz to something else, in which files should I change.
>
> Thanks
>
>
>
>      
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJb6vQrP3NbaWWqE4RAngrAKDM3s7uWYfEx7VnyqFlouoLvFZLpACeOoim
N21rtstRGR5tpjbPmM17Hf8=
=HkPu
-----END PGP SIGNATURE-----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

oops that is the system login
admin
is
application/securityext/data/passwordsecuritydata.xml

BJ Freeman sent the following on 1/15/2009 1:34 PM: -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFJb61OrP3NbaWWqE4RAl9bAKCgrDU1SnP0aDInyH+ByqgNI32wWwCdGbe8
OWYwGsdoq78QZAJJPsUvOyg=
=CdoN
-----END PGP SIGNATURE-----

Hi,

        Go for user profile in party manager. Under user names  you have the
options to enable or disable and u can change the password.


With regards,
S K Pradeep kumar,
Software Engineer,
Palindrome Software Labs Pvt. Ltd.


On Fri, Jan 16, 2009 at 2:42 AM, adithi agarwal <[hidden email]>wrote:

> Hi
> If I want to change the username and password from admin, ofbiz to
> something else, in which files should I change.
>
> Thanks
>
>
>
>

Hello BJ,

I think that xml file contains password in excrypted form. How can one
change that file in that case.

One has to put the encrypted password only in that xml file. i think it
seems impossible to to put encrypted password in xml file?



Kunal


On Fri, Jan 16, 2009 at 3:10 AM, BJ Freeman <[hidden email]> wrote:

On Jan 16, 2009, at 1:20 AM, kunal aggarwal wrote:

> Hello BJ,
>
> I think that xml file contains password in excrypted form. How can one
> change that file in that case.
>
> One has to put the encrypted password only in that xml file. i think  
> it
> seems impossible to to put encrypted password in xml file?

And yet amazingly there is an encrypted password string in the XML  
file...

The easiest is to load the seed, seed-initial, and whatever other  
initial data you need/want and then to change the admin and related  
passwords through the Party Manager, and then you're set to go. The  
passwords are part of the seed-initial data, and that should never be  
loaded again (though if you suspect anything has changed there, then  
you can do a data set diff in webtools to see what is different  
between the database and the data files and selectively make updates).

On a side note, you really should disable the admin account and not  
just change the password. All users, even admin users, should have  
their own individual named accounts. It's a good security practice,  
and mandate for things like PCI compliance.

-David

David et al,

What special chars are allowed to be used in the passwords. I'm not sure if it applies to all but I seem to have some problems with some of these; !@#$%^&*()_+?

Thanks as always for the help.

David E Jones-3 wrote

On Jan 16, 2009, at 1:20 AM, kunal aggarwal wrote:

> Hello BJ,
>
> I think that xml file contains password in excrypted form. How can one
> change that file in that case.
>
> One has to put the encrypted password only in that xml file. i think  
> it
> seems impossible to to put encrypted password in xml file?

And yet amazingly there is an encrypted password string in the XML  
file...

The easiest is to load the seed, seed-initial, and whatever other  
initial data you need/want and then to change the admin and related  
passwords through the Party Manager, and then you're set to go. The  
passwords are part of the seed-initial data, and that should never be  
loaded again (though if you suspect anything has changed there, then  
you can do a data set diff in webtools to see what is different  
between the database and the data files and selectively make updates).

On a side note, you really should disable the admin account and not  
just change the password. All users, even admin users, should have  
their own individual named accounts. It's a good security practice,  
and mandate for things like PCI compliance.

-David