Course13:IT Advanced - 09 Password relations: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
(New page: {{#moodlebook: Master Templates / V13 Templates / Advanced | Password relations | 133 }})
 
m (Protected "Course13:IT Advanced - 09 Password relations" [edit=sysop:move=sysop])
(No difference)

Revision as of 15:00, 28 March 2023

This book will help you get a better idea of what password fits what password.

Introduction

This book is intended as a reference to explain the difficulties between password relationships. Since we always use ip411 in all nnovaphone courses, it is often difficult to understand which password must match which password.

Please note that this book is a continuation of the existing fish-help.png IT Connect training book. This means that we do not repeat password correlations that have already been explained.

Admin password

screenshot.png The Admin password is used to access all password protected pages of the Advanced UI (https://x.x.x.x/admin.xml?xsl=admin.xsl). The admin password can be set manuall under General/Admin. There must be an admin password. If you intentionally delete it, the changes will not be applied.

The admin password is usually screenshot.png created by the Install, so please save the password in a safe place as it is critical.

Phone registration password

As you learned in the course, you do not need a password to authenticate a registration unless you are using the phone's certificate. If you choose to use a password, you can use either the PBX password or the user password. It is not recommended to use no password at all.


If you want to use the PBX password for authentication, screenshot.png the password used for registration must match the PBX password. This does not work out of the box, you need to enable the PBX Pwd option in the Hardware ID of the registration.

Session password

To log in to myApps, screenshot.png you must enter the username and password of the user object. Once the login process is successful, the myApps client stores a session ID and a session password, which is different from the user password, in the browser's DOM storage. The PBX on the other hand screenshot.png stores the equivalent session credential in the user object. This way, you don't have to re-enter your credentials the next time you log in, as long as the session ID and session password are stored in the browser.

AP manager password

The AP Manager password is used screenshot.png to access the AP Manager web interface and to link the PBX to the Application Platform. Therefore, you need to create an object of type AP.

You can define screenshot.png the AP Manager password in the settings area (Security) of the AP Manager, but note that the AP Manager password is overridden by the domain password configured in Devices if you enable the Use domain password on all devices checkbox.

Linux admin user

SSH is used to access the command line of the application platform. Therefore, screenshot.png you need to ether the Linux admin password. This password screenshot.png can be changed in the settings area (Security) of the application platform. The default password is ipapps but the he Install and Devices app will overwrite this password to the domain password.

Linux root password

To operate as a super user on the command line, screenshot.png you need to change to the root user after logging in. This is done by the Linux root password and screenshot.png can be changed in settings area (Security) of the AP Manager. The default password is iplinux but the Install and Devices app will overwrite this password to the domain password.

App Service Instance password

When you log in to the myApps client, you get access to all available apps. Some of these apps, such as the phone or chat app, are part of the PBX firmware, while other apps are on the AP. When you open an app whose app service is part of the application platform, the app service allows only authenticated access for this websocket connection.

You may wonder where you can configure the corresponding credentials for this connection. In the PBX you will find so-called app objects.screenshot.png Each of these app objects has a password. The myApps client receives this information from the PBX during the login process, which is then used for the websocket connection and must match the password of the app service instance.

Fortunately, you don't have to configure these passwords, because the Install configures them for you.


Database passsword

screenshot.png The database password can be ignored for the most part. If you want to access the app service database via a tool like pgAdmin you need to use the password to establish a connection.

App object password


Fortunately, you don't have to worry about this because the Install creates these objects and sets the correct password. If you need to create an object after installation, simply add the app through the PBX Manager plugin.

Domain password

screenshot.png The domain password is created by the Install, so please keep the password in a safe place.

screenshot.png The password can be changed in the Devices app. If the you set the option to Deploy the domain password on all devices, the admin password of all devices in this devices domain will be changed.

AP Manager app object password

The app object named AP Manager is somewhat special because it does not connect to an app service instance, but to the AP Manager itself. As a result, screenshot.png the password of the AP Manager object must match the AP Manager password discussed earlier in this book.

AP object password

AP object is special because it links the PBX to the Application platform itself. In order for this to work, screenshot.png the password of the AP object has to match the password of the AP Manager.

CDR authorization password

The PBX generates CDRs to document each call that passes through the PBX. The reports app service uses this information to display the call records in the call list app or the phone app, for example.

This means that the PBX must send the data to the app service via HTTP. To authenticate this HTTP connection, you can define a username and password for each Reports instance. The CDR interface on the PBX screenshot.png must use the same username and password to establish the connection.

User Admin - PBX password

The users app needs to replicate all user objects from the PBX. In order for this to work you have to configure screenshot.png the PBX password in the burger menu of the users admin app. Only if those passwords match, the replication will be up and you will see users in the users admin app.


PBX lookup password - phone

To perform a forward lookup on the phone, the phone must be able to establish an LDAP connection to the PBX database. Therefore, make sure that your phones use the same PBX forward lookup credentials as configured on the LDAP server.

Since the phone configuration is usually distributed by the Config User template,screenshot.png make sure the password here matches the LDAP server credentials.

(Further Hints) If the Install configured your system, the domain/ldap-guest user uses the same password that the screenshot.png Contacts app uses for LDAP.

External LDAP server password - phone

To perform a forward lookup to an external LDAP server, such as the Contacts app or Estos Metadir. Make sure that the screenshot.png password configured in the Config User template matches the password used for authorization in the LDAP server.