Smart Panda Newsletter – February 2014

Smart Thinking Newsletter

UC Berkeley Employees Targeted by Phishing Attacks

Smart Panda - Newsletter Postman
The Daily Californian has reported that several employees at UC Berkeley fell victim to a recent phishing scam that resulted in the redirection of their pay cheques. The phishing emails were sent to a variety of staff members, including retired faculty, and asked them to log into a fake website with their CalNet credentials – at which point the credentials were stolen and used to change payroll instructions.

Linking COBOL psrun.mak – Error “ld: cannot find -lgcc”

When linking COBOL on RHEL Linux x86_64, depending various factors you will most likely have a different gcc library then what is specified in cobopt64 configuration file.

As root change to the $COBDIR/etc directory and modify the cobopt64 file, look for the line:

set GCC_LIB=/usr/lib/gcc/x86_64-redhat-linux/x.x.x

Set x.x.x to the latest gcc version installed on the server at:  /usr/lib/gcc/x86_64-redhat-linux/x.x.x

PTIBUPGRADE.dms – huh?

When doing the upgrade the upgrade template has you modify the  PTIBUPGRADE.DMS script and you are to set it according to your environment but if you are like most people you won’t have a clue what to set in the script. This script I believe occurs if you are upgrade from anything before 8.49, but that is somewhat unclear from what I have read.  I know I have been encountering this dms for years now and everytime I just shake my head.

Here is what it says: “Edit PS_HOME\SCRIPTS\PTIBUPGRADE.DMS and make the necessary modifications as documented in the script. User level node security and transactional security have been added as of PeopleTools 8.48. Service namespace information, a low-level user on the node, and a low-level permission list for service operations, need to be specified. Consult with your Integration Broker specialist for assistance.”

Most likely you are considered the IB specialist so that is why you are now reading this post.


Firstly, the script is a tools base script so you will want to look for it in your PS_HOME\scripts directory.


Default Namespace – This is based on the XML standard “XML namespaces provide a simple method for qualifying element and attribute names used in Extensible Markup Language documents by associating them with namespaces identified by URI references” see http://www.w3.org/TR/1999/REC-xml-names-19990114/. When IB generates WSDL, SOAP messages we refer to the namespace provided in the service , during the upgrade all the service’s that are created are assigned to this namespace.  Interestingly there is no validation done against this namespace value, and it does not even have to be an HTTP URL,  however, it is a best practice to name one.

Finance: http://xmlns.oracle.com/Enterprise/ERP/services

HRMS: http://xmlns.<yourcomanyname>.com/Enterprise/HCM/services

 


Default UserID – Starting with 8.48 PeopleTools an inbound service operation can be invoked as a particular user , previously it was the user assigned in integrationGateway.properties.

The user assigned should have permissions to all messages and CI’s.

Finance: VP1  (or a customized user id that has similar permissions)

HRMS: PS (or a customized user id that has similar permissions)

 

 


Permission list – IB has now introduced user based security to follow the Peoplesoft security model, by assigning services to permission lists, assigning permissions to roles, and assigning roles to users who in turn invoke the service. All services created during the PeopleTools upgrade will be assigned this permission list:

Finance: PTPT1000

HRMS: HCPPALL

 

Report Distribution – Authentication Failure

I was working on a new server installation this week and ran into an odd error with the report distribution. The reports simply wouldn’t post. So I went through all the basics:

1. Prcs Start User has Roles: ProcessSchedulerAdmin & ReportDistAdmin
2. Default Local Node has authentication set to Password and Password value set.
3. Domain Active
4. Paths all set correctly
5. Report Node configured correctly (well almost).

Since I am working on a unique configured environment, I have my authentication token set, however, only the webserver can be hit with the domain added to the server name as that is the only entry on the DNS server. However, I found that authentication will fail if you are using SchedulerTransfer and try to transfer it to the URI Host without a full qualified dns name, that host MUST specify the authentication token in it.

So in my situation my authtoken is thesmartpanda.com, so I created a hosts entry (/etc/hosts) with the internal IP address pointing to rptdist.thesmartpanda.com. I changed the URI Host to be rptdist.thesmartpanda.com and all was good.! And no you can’t use the IP address:

“Warning! If you specify the Auth Token Domain name during the PeopleSoft Pure Internet Architecture installation, you must include a fully qualified domain name on the URL Host instead of the IP address. Otherwise, the Distribution Agent will not pass authentication.” —PeopleBooks

SMTP Authentication

If your SMTP server requires a userid and password in order to send emails which most do these days, you can configure your application server or process scheduler in the smtp section to handle this.

1. Determine what Authentication Username and Password to use that is known to the SMTP Server
2. Update the SMTP Section of Application Server and/or Process Scheduler’s configuration file, psappsrv.cfg and/or psprcs.cfg respectively, with the following variable values;

SMTPUserName = User who can log into SMTP Server, researched in #1 above.
SMTPUserPassword = * Password of the User who can log into SMTP Server, researched in #1 above.

SMTPUserName1 = Repeat value entered for SMTPUserName above.
SMTPUserPassword1 = Repeat value entered for SMTPUserPassword above.

3. Reconfigure the server, and restart.

*PT 8.50/8.51 – password is clear/plain text.
*PT 8.52/8.53 – password is encrypted using the PSCipher utility.