Course13:IT Advanced - 09 Password relations: Difference between revisions
Jump to navigation
Jump to search
(New page: {{#moodlebook: Master Templates / V13 Templates / Advanced | Password relations | 133 }}) |
m (Protected "Course13:IT Advanced - 09 Password relations" [edit=sysop:move=sysop]) |
(No difference)
|
Revision as of 16:00, 28 March 2023
This book will help you get a better idea of what password fits what password.
Introduction
This book is intended as a reference to explain the difficulties between password relationships. Since we always use ip411 in all nnovaphone courses, it is often difficult to understand which password must match which password.
Please note that this book is a continuation of the existing IT Connect training book. This means that we do not repeat password correlations that have already been explained.
Admin password
The Admin password is used to access all password protected pages of the Advanced UI (https://x.x.x.x/admin.xml?xsl=admin.xsl). The admin password can be set manuall under General/Admin. There must be an admin password. If you intentionally delete it, the changes will not be applied.
The admin password is usually created by the Install, so please save the password in a safe place as it is critical.
Phone registration password
As you learned in the course, you do not need a password to authenticate a registration unless you are using the phone's certificate. If you choose to use a password, you can use either the PBX password or the user password. It is not recommended to use no password at all.
If you use the user password, the registration password used on the phone must match the user password in the user object.
If you want to use the PBX password for authentication, the password used for registration must match the PBX password. This does not work out of the box, you need to enable the PBX Pwd option in the Hardware ID of the registration.
Session password
To log in to myApps, you must enter the username and password of the user object. Once the login process is successful, the myApps client stores a session ID and a session password, which is different from the user password, in the browser's DOM storage. The PBX on the other hand stores the equivalent session credential in the user object. This way, you don't have to re-enter your credentials the next time you log in, as long as the session ID and session password are stored in the browser.
AP manager password
The AP Manager password is used to access the AP Manager web interface and to link the PBX to the Application Platform. Therefore, you need to create an object of type AP.
You can define the AP Manager password in the settings area (Security) of the AP Manager, but note that the AP Manager password is overridden by the domain password configured in Devices if you enable the Use domain password on all devices checkbox.
Linux admin user
SSH is used to access the command line of the application platform. Therefore, you need to ether the Linux admin password. This password can be changed in the settings area (Security) of the application platform. The default password is ipapps but the he Install and Devices app will overwrite this password to the domain password.
Linux root password
To operate as a super user on the command line, you need to change to the root user after logging in. This is done by the Linux root password and can be changed in settings area (Security) of the AP Manager. The default password is iplinux but the Install and Devices app will overwrite this password to the domain password.
App Service Instance password
When you log in to the myApps client, you get access to all available apps. Some of these apps, such as the phone or chat app, are part of the PBX firmware, while other apps are on the AP. When you open an app whose app service is part of the application platform, the app service allows only authenticated access for this websocket connection.
You may wonder where you can configure the corresponding credentials for this connection. In the PBX you will find so-called app objects. Each of these app objects has a password. The myApps client receives this information from the PBX during the login process, which is then used for the websocket connection and must match the password of the app service instance.
Fortunately, you don't have to configure these passwords, because the Install configures them for you.
Database passsword
The database password can be ignored for the most part. If you want to access the app service database via a tool like pgAdmin you need to use the password to establish a connection.
App object password
As discussed in an earlier chapter, the password of the app object must match the password of the app service instance.
Fortunately, you don't have to worry about this because the Install creates these objects and sets the correct password. If you need to create an object after installation, simply add the app through the PBX Manager plugin.
Domain password
The domain password is created by the Install, so please keep the password in a safe place.
The password can be changed in the Devices app. If the you set the option to Deploy the domain password on all devices, the admin password of all devices in this devices domain will be changed.
AP Manager app object password
The app object named AP Manager is somewhat special because it does not connect to an app service instance, but to the AP Manager itself. As a result, the password of the AP Manager object must match the AP Manager password discussed earlier in this book.
AP object password
AP object is special because it links the PBX to the Application platform itself. In order for this to work, the password of the AP object has to match the password of the AP Manager.
If the AP object has no password at all, the admin password of the PBX is used. If the domain password is pushed to each device via the Deploy the domain password to all devices checkbox, the password will always be the same on both sides.
CDR authorization password
The PBX generates CDRs to document each call that passes through the PBX. The reports app service uses this information to display the call records in the call list app or the phone app, for example.
This means that the PBX must send the data to the app service via HTTP. To authenticate this HTTP connection, you can define a username and password for each Reports instance. The CDR interface on the PBX must use the same username and password to establish the connection.
User Admin - PBX password
The users app needs to replicate all user objects from the PBX. In order for this to work you have to configure the PBX password in the burger menu of the users admin app. Only if those passwords match, the replication will be up and you will see users in the users admin app.
PBX lookup password - phone
To perform a forward lookup on the phone, the phone must be able to establish an LDAP connection to the PBX database. Therefore, make sure that your phones use the same PBX forward lookup credentials as configured on the LDAP server.
Since the phone configuration is usually distributed by the Config User template, make sure the password here matches the LDAP server credentials.
If the Install configured your system, the domain/ldap-guest user uses the same password that the Contacts app uses for LDAP.
External LDAP server password - phone
To perform a forward lookup to an external LDAP server, such as the Contacts app or Estos Metadir. Make sure that the password configured in the Config User template matches the password used for authorization in the LDAP server.