19 Managing Login Names and Passwords

Learn how to manage login names and passwords in Oracle Communications Billing and Revenue Management (BRM).

See also "Logging Customer Service Representative Activity Events" and "Setting Up Permissions in BRM Applications".

Managing Login Names and Passwords for BRM Access

To access the BRM database, a client application must provide the following:

  • An account name

  • The password for that account

  • The service

  • The database number of the BRM database

When you install BRM, the system creates a single user account with general permission to the BRM system. The default system login name is root.0.0.0.n (where n is your database number), and you provide its password during the BRM installation process. This system account includes two services: admin_client and pcm_client.

  • BRM client applications log in to the admin_client service.

  • Other BRM utilities and programs, such as optional service integration components, log in to the pcm_client service.

When you set up a production BRM system, you create additional accounts—for example, one for each of your customer service representatives (CSRs)—and associate one or more services with each account. You give each account a password and grant certain privileges to the account. For example, you might want to allow only some of your CSRs to handle payment disputes.

Before creating CSR accounts, you must use PDC to create and load a CSR package, which defines the services available to CSRs.

You also need to provide an account for any extended applications you use with BRM.

Note:

You cannot change the payment method of the root account or make it a parent or child account.

Configuring the Maximum Number of Invalid Login Attempts

You configure the maximum number of invalid login attempts by setting the MaxLoginAttempts business parameter.

To configure the maximum number of invalid login attempts:

  1. Go to BRM_home/sys/data/config.

  2. Create an XML file from the /config/business_params object:

    pin_bus_params -r BusParamsActivity bus_params_act.xml 

    See "pin_bus_params" in BRM Developer's Guide for information about the utility's syntax and parameters.

  3. In the file, set the value to the maximum number of login attempts:

    <MaxLoginAttempts>5</MaxLoginAttempts>

    The default value is 5.

  4. Save the file as bus_params_act.xml.

  5. Load the XML file into the BRM database:

    pin_bus_params bus_params_act.xml

  6. Stop and restart the CM.

  7. (Multischema systems only) Run the pin_multidb script with the -R CONFIG parameter. For more information, see "pin_multidb".

Configuring the CM to Verify Application Logins with the Service Only

By default, the CM is configured to require a service, a login name, and a password. This provides secure access to BRM.

If only secure applications will connect to your CM, you can speed up the login process by configuring the CM to verify only the service but not require a login name or password.

To configure the CM to verify application logins with the service only:

  1. Open the CM configuration file (BRM_home/sys/cm/pin.conf).

  2. Change the cm_login_module entry from cm_login_pw001.dll to cm_login_null.dll:

    - cm cm_login_module cm_login_null.dll

  3. Save and close the file.

  4. Stop and restart the CM.

  5. Configure the applications that connect with this CM to provide only service information at login. In the configuration file for each application, set login_type to 0, and ensure a valid service is listed for userid.

    Note:

    CM Proxy provides another way of connecting to BRM without using a login name and password. See "Using CM Proxy to Allow Unauthenticated Log On".
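A check for the service-only settings described above, for reviewing pin.conf files before and after the change. This is an added example, not BRM code: the function names are hypothetical, and the "nap" program token and the userid value in the constructed samples are assumptions.

```python
import re

# A pin.conf entry is "- <program> <name> <value>"; lines starting with "#"
# are treated as comments and skipped.
ENTRY = re.compile(r"^\s*-\s+(\S+)\s+(\S+)\s+(.+?)\s*$")

def parse_pin_conf(text):
    """Return (line_number, program, name, value) for each active entry."""
    entries = []
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        match = ENTRY.match(line)
        if match:
            entries.append((number, *match.groups()))
    return entries

def audit_login_settings(text):
    """List settings that let a client log in with the service alone."""
    findings = []
    for number, program, name, value in parse_pin_conf(text):
        if name == "cm_login_module" and "cm_login_null" in value:
            findings.append((number, "CM verifies the service only: " + value))
        elif name == "login_type" and value == "0":
            findings.append((number, program + " sends no login name or password"))
    return findings

# Constructed samples. The "nap" program token and the userid value are
# assumptions; only the cm_login_module lines come from the page.
CM_DEFAULT = """\
# constructed CM pin.conf fragment
- cm cm_login_module cm_login_pw001.dll
"""
CM_SERVICE_ONLY = """\
# - cm cm_login_module cm_login_pw001.dll
- cm cm_login_module cm_login_null.dll
"""
APP_SERVICE_ONLY = """\
- nap login_type 0
- nap userid 0.0.0.1 /service/pcm_client 1
"""

if __name__ == "__main__":
    for label, sample in [("CM default", CM_DEFAULT),
                          ("CM service-only", CM_SERVICE_ONLY),
                          ("application", APP_SERVICE_ONLY)]:
        print(label, audit_login_settings(sample))
```
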

Enabling Password Restriction for /service Objects

In BRM, you can use password restriction to secure the creation, modification, and deletion of /service objects.

Password restriction forces passwords to adhere to the following rules:

  • Contain a minimum of 8 characters. A longer password is recommended.

  • Include at least one numeric character, one uppercase character, one lowercase character, and one special character.

  • Differ from the previous four passwords (not applicable to customer account creation and service creation).

  • Should not include any part of the user ID.

  • Should not contain dictionary words.

  • Should not contain commonly used combinations.

  • Should not contain the user's birthday, the name of a related person, or other personal facts.

  • Should contain a minimum of six digits for mobile devices.

You can configure the password restrictions using the PCM_OP_CUST_POL_VALID_PASSWD opcode.

By default, password restriction for /service objects is disabled in BRM. To enable it, run the pin_bus_params utility to change the EnablePasswordRestriction business parameter. For information about this utility, see "pin_bus_params" in BRM Developer's Guide.

To enable password restriction for /service objects:

  1. Go to BRM_home/sys/data/config.

  2. Create an XML file from the /config/business_params object:

    pin_bus_params -r BusParamsCustomer bus_params_customer.xml

  3. In the file, set <EnablePasswordRestriction> to enabled:

    <EnablePasswordRestriction>enabled</EnablePasswordRestriction>

  4. Save this file as bus_params_customer.xml.

  5. Load the XML file into the BRM database:

    pin_bus_params bus_params_customer.xml

  6. Stop and restart the CM.

  7. (Multischema systems only) Run the pin_multidb script with the -R CONFIG parameter. For more information, see "pin_multidb".
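A check to run over the two exported files before loading them, covering both the MaxLoginAttempts procedure and the EnablePasswordRestriction procedure above. This is an added example, not BRM code: the function names and the review_above threshold are hypothetical, and the wrapper elements in the constructed samples are placeholders because the page shows only the two parameter elements.

```python
import re
import xml.etree.ElementTree as ET

def read_params(xml_text, names):
    """Return {name: text} for the named elements, ignoring XML namespaces."""
    found = {}
    for element in ET.fromstring(xml_text).iter():
        local_name = element.tag.rsplit("}", 1)[-1]
        if local_name in names:
            found[local_name] = (element.text or "").strip()
    return found

def audit_login_params(activity_xml, customer_xml, review_above=5):
    """Check both exported files; review_above is a local policy threshold."""
    findings = []
    attempts = read_params(activity_xml, {"MaxLoginAttempts"}).get("MaxLoginAttempts")
    if attempts is None:
        findings.append("MaxLoginAttempts not found in activity file")
    elif not re.fullmatch(r"[0-9]+", attempts) or int(attempts) < 1:
        findings.append("MaxLoginAttempts is not a positive integer: " + attempts)
    elif int(attempts) > review_above:
        findings.append("MaxLoginAttempts is " + attempts + ", above " + str(review_above))
    restriction = read_params(customer_xml, {"EnablePasswordRestriction"}).get(
        "EnablePasswordRestriction")
    if restriction != "enabled":
        findings.append("EnablePasswordRestriction is " + repr(restriction))
    return findings

# Constructed samples: the <Constructed>/<Params> wrappers and the namespace
# are placeholders, not the layout of a real exported file.
def _sample(inner):
    return ('<Constructed xmlns="urn:example:constructed"><Params>'
            + inner + '</Params></Constructed>')

ACT_DEFAULT = _sample("<MaxLoginAttempts>5</MaxLoginAttempts>")
ACT_HIGH = _sample("<MaxLoginAttempts>50</MaxLoginAttempts>")
CUST_ENABLED = _sample("<EnablePasswordRestriction>enabled</EnablePasswordRestriction>")
CUST_DISABLED = _sample("<EnablePasswordRestriction>disabled</EnablePasswordRestriction>")

if __name__ == "__main__":
    print(audit_login_params(ACT_DEFAULT, CUST_ENABLED))
    print(audit_login_params(ACT_HIGH, CUST_DISABLED))
```
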

Storing Passwords in Oracle Wallet

By default, the BRM Installer stores sensitive information, such as database and account passwords, in the Oracle wallet, and the BRM applications retrieve the passwords from the Oracle wallet. However, if the database and account passwords are also stored in the Infranet.properties and pin.conf configuration files, the BRM applications retrieve the passwords from the configuration files. The BRM applications automatically decrypt the encrypted passwords when retrieving them from the configuration files.

By default, the passwords in the configuration files are encrypted in the Oracle ZT PKI format. For more information, see "Encrypting Data" in BRM Developer's Guide.

Note:

To encrypt passwords for client applications or optional managers that are not part of base BRM or that are associated with customizations, use the pin_crypt_app utility. For details, see "About Encrypting Passwords" in BRM Developer's Guide.

When you encrypt a password for the Connection Manager (CM), ensure that the password adheres to the following rules:

  • Contain a minimum of eight characters

  • Include at least one numeric character, one uppercase character, and one special character

  • Differ from the previous four passwords

  • Not include any part of the user ID
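A pre-check for candidate passwords against the mechanically checkable rules in the two lists on this page: the /service password restriction rules and the shorter CM list above. This is an added example, not the PCM_OP_CUST_POL_VALID_PASSWD implementation: the function names are hypothetical, and reading "any part of the user ID" as any three-character run is an assumption.

```python
import re

CLASSES = {"numeric": "[0-9]", "uppercase": "[A-Z]", "special": "[^A-Za-z0-9]"}

def contains_user_id_part(password, user_id, window=3):
    """True if any `window`-character run of the user ID occurs in the password.
    Reading "any part" as 3+ characters, case-insensitive, is an assumption."""
    pw, uid = password.lower(), user_id.lower()
    return any(uid[i:i + window] in pw for i in range(len(uid) - window + 1))

def check_password(password, user_id, previous=(), profile="service", wordlist=()):
    """Return the listed rules that `password` breaks.
    profile="service": the /service list; profile="cm": the shorter CM list.
    `previous` is oldest-first; a real system would compare stored hashes."""
    problems = []
    if len(password) < 8:
        problems.append("fewer than 8 characters")
    required = dict(CLASSES)
    if profile == "service":
        required["lowercase"] = "[a-z]"
    for name, pattern in required.items():
        if not re.search(pattern, password):
            problems.append("no " + name + " character")
    if password in list(previous)[-4:]:
        problems.append("matches one of the previous four passwords")
    if contains_user_id_part(password, user_id):
        problems.append("contains part of the user ID")
    if profile == "service":
        # Dictionary words and common combinations need a caller-supplied list.
        lowered = password.lower()
        if any(word.lower() in lowered for word in wordlist):
            problems.append("contains a listed word or combination")
    return problems

if __name__ == "__main__":
    # Constructed inputs for illustration.
    print(check_password("Tr1ck-Pony#42", "csr_alice"))
    print(check_password("ALICE#2024X", "csr_alice"))
    print(check_password("ALICE#2024X", "csr_alice", profile="cm"))
```

The personal-facts rule and the six-digit rule for mobile devices are not covered, because they depend on data and context the function does not have.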

Configuring Applications to Provide Login Information

BRM client applications provide login information in various ways:

  • BRM Java-based applications, including Pricing Center, Customer Center, and Configuration Center, ask the user for port numbers and database names when the application starts.

  • Payment Tool provides port numbers and database names in its .ini file.

To change the default login information for client applications, edit the .ini or configuration file or use the login dialog box.

Login Information for Java-Based Client Applications

To change most connection information for Java-based client applications, use the login dialog box, which appears when you start the application. The application uses this default information for subsequent sessions.

Login Information for Payment Tool

To change the default login information for Payment Tool:

  1. Open the C:\Users\user_name\AppData\Local\VirtualStore\Windows\PaymentTool.ini file.

  2. Edit the login entries.

  3. Save and close the file.