| *** WiKIDLogBot has quit (Ping timeout: 246 seconds) | 04:11 | |
| *** WiKIDLogBot (~WiKIDLogB@ec2-174-129-6-100.compute-1.amazonaws.com) has joined #wikid | 13:55 | |
| kornbluth.freenode.net | Topic for #wikid is: wikid If no one is here, please try the forums: https://www.wikidsystems.com/support/support/wikid-forums | 13:55 |
|---|---|---|
| kornbluth.freenode.net | Users on #wikid: WiKIDLogBot @nowen joevano | 13:55 |
| nowen | that's better | 14:08 |
| *** cdub_ (40fee8e2@gateway/web/freenode/ip.64.254.232.226) has joined #wikid | 19:57 | |
| cdub_ | Have you had any reports of the latest version of IOS causing issues with the wikid app? | 19:57 |
| *** cdub_ has quit (Ping timeout: 245 seconds) | 20:33 | |
| *** dystie (c7ff5332@gateway/web/freenode/ip.199.255.83.50) has joined #wikid | 21:10 | |
| dystie | hey Nick. | 21:10 |
| nowen | hey | 21:57 |
| nowen | dystie: you still here? | 21:57 |
| dystie | yes. :) | 21:58 |
| dystie | sorry, was in another tab. | 21:58 |
| nowen | me too - well, another room | 21:58 |
| dystie | :) | 21:58 |
| dystie | so. i wanted to bounce past you the best way to handle this - | 21:58 |
| dystie | I have DBAs who like to share credentials. | 21:58 |
| dystie | and they share machines. | 21:58 |
| dystie | so same DBA will use the same win 7 desktop as other DBAs | 21:58 |
| dystie | i'm trying to figure out the best way to prevent credential sharing; the locked JAR file doesnt appear to support preregistration | 21:59 |
| dystie | it might be best to put them on a USB stick token, but that didn't look straightforward in that you have to manually copy a file that gets written to c: | 21:59 |
| dystie | (unless I'm incorrect) | 21:59 |
| nowen | hmm, I'll have to check on the locked token pre-reg thing. it should support it | 22:00 |
| dystie | and the desktops don't have java by default. I've been having them use the non-java installer and manually installing java, but i'm going to have their desktop support person test to see if the package that incldues the jar works on their stuff. | 22:00 |
| dystie | please do - i need to make it so it's user friendly but so they stop sharing their passwords | 22:00 |
| dystie | unlocked tokens make it too easy. | 22:00 |
| dystie | but it's also got to be easy to administrate, and my current install instructions for wikid + how to access us are like. 30 pages. | 22:00 |
| nowen | so, they share windows creds too? | 22:01 |
| dystie | which means i'm / we're doing it wrong | 22:01 |
| dystie | oh yes. | 22:01 |
| dystie | i've started performing daily review of the tickets they work and comparing the tickets against our access logs. | 22:01 |
| dystie | as far as on their desktops, i don't knwo if they log out and log in as themselves | 22:02 |
| dystie | thier management indicates that they do. | 22:02 |
| dystie | and if the token software is multiuser and does not share the same seed between users - if there's an install path that means they can share it on the same desktop in different profiles, that's preferable. | 22:02 |
| dystie | i've not had to deal w/ that for angel employees. | 22:02 |
| nowen | well, if they install as different windows users, they have different keys | 22:03 |
| nowen | 30 pages? | 22:03 |
| nowen | that seems excessive. | 22:03 |
| dystie | it is. | 22:04 |
| dystie | the problem is that the process really is that busted - when you start w/ downloading the jar, then java, then installing + configuring the jar, then downloading + installing + configuring openvpn, it gets log. | 22:04 |
| dystie | long. | 22:04 |
| nowen | want me to take a look at it? | 22:08 |
| dystie | instructions? sure - onesec. i was actually going to pop them to you in case they helped anyone else, or at least the wikid specific portions. | 22:08 |
| dystie | nowen@wikidsystems.com? | 22:08 |
| nowen | yes | 22:09 |
| dystie | gimmie a few; email box quota fail. | 22:22 |
| nowen | ok | 22:22 |
| dystie | you should have mail | 22:33 |
| nowen | got it | 22:33 |
| nowen | hmm. not sure why the locked token is only one 19 | 22:35 |
| nowen | only on | 22:35 |
| joevano | dystie: I can't believe that you have DBAs that share credentials... that is shocking and scary to me | 22:35 |
| dystie | yeah, i looked at that. | 22:35 |
| dystie | joevano: :) | 22:35 |
| dystie | working on them. | 22:35 |
| dystie | it's a india thing. | 22:36 |
| nowen | dystie: you should fake an incident and then blame the wrong one ;) | 22:36 |
| dystie | nah, i have the ability to prove things a bit better. i've got a writeup process now that appears to be effective. | 22:36 |
| joevano | oh... yeah the cultural differences have surprising reprucutions | 22:37 |
| dystie | i audit every ticket they work against who logged in. if there's a difference I escalate to their management for confirmation, if it's not legit then both users involved get kicked for a period of time | 22:37 |
| dystie | i notify senior management on down, so they lose face. | 22:37 |
| dystie | losing face is the only thing that works on them. | 22:37 |
| dystie | so i'm working on it, but the technical issues (it's not easy to get the creds working right) are a reason we have problems, and i need to streamline. | 22:37 |
| dystie | they know if they don't knock it off they'll lose the contract, and i'm working on a contract change that will allow us to actually sue them. | 22:38 |
| joevano | that would make them stand up and notice | 22:38 |
| dystie | yeah. i'm pouring pressure down in the way that supposedly works. | 22:39 |
| dystie | it's expensive to switch vendors, so we're trying to change their behavior before we replace them. | 22:39 |
| nowen | ok - do you use the jar or the exe? | 22:42 |
| nowen | http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.21-locked/wikidtoken-3.1.21.exe | 22:43 |
| nowen | http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.21-locked/wikidtoken-3.1.21.jar | 22:43 |
| nowen | wikidtoken-3.1.21-bundle-installer.exe/wikidtoken-3.1.21-bundle-installer.exe | 22:43 |
| nowen | erp | 22:43 |
| nowen | http://www.wikidsystems.com/webdemo/tokens/j2se/3.1.21-locked/wikidtoken-3.1.21-bundle-installer.exe | 22:43 |
| nowen | those all support pre-reg | 22:43 |
| dystie | onesec | 22:44 |
| dystie | a.For Windows, the client is ‘wikidtoken-3.1.22.exe’ under Unlocked Token Clients: was what we're using. | 22:46 |
| nowen | I thought you wanted a locked token that supports pre-reg? | 22:46 |
| dystie | yes, i do. | 22:47 |
| dystie | thats' what we were using / is in the doc | 22:47 |
| dystie | looking at hte site | 22:47 |
| nowen | ok - I can bump the locked tokens to .22 if you like | 22:48 |
| dystie | i'm not seeing htose linked off the site | 22:48 |
| nowen | I haven't posted them yet | 22:48 |
| dystie | yes, pplease. | 22:48 |
| dystie | esp the one with the embedded jre becuase that's the one i'd like to try and push | 22:48 |
| dystie | what about using it on a usb stick? | 22:48 |
| nowen | not sure if the locked token will 'lock' on a usb stick | 22:49 |
| nowen | it uses data from the pc like the cpu identifier | 22:49 |
| dystie | for the embedded jre 3.2.22 - if I have them install the embedded jre clietn as any user, is it then reusable (the software) by other users, but the seed per user is locked still to the machine? | 22:53 |
| dystie | just want to make sure that that client is multiuser so I can have them test it on their image. | 22:54 |
| nowen | hmm | 22:54 |
| nowen | I'm not sure if it is available to any user | 22:54 |
| nowen | is that the way it works now? | 22:55 |
| dystie | i don't think so. | 22:55 |
| dystie | i'm checking w/ our image (which is not theirs, sadly.) | 22:55 |
| nowen | well, nothing has changed in that regard | 22:55 |
| dystie | k. if I let them use the unlocked token on a usb stick, how complex is that to set up? | 22:56 |
| dystie | in terms of say having them go to a administrators' desk to get the token, and have to configure it + set their angel credentials at the admins' desk. | 22:56 |
| nowen | not sure i follw | 22:57 |
| dystie | one of the options the contractor proposed was to have a centralized contact set folks up | 22:58 |
| nowen | the only difference for a usb token is that you will have to make sure that the WiKIDToken.wkd file is on the usb and not the hd | 22:58 |
| dystie | so for me to distribute credentials to that person and for that person to have the dba go to the contacts' desk and configure the token | 22:58 |
| dystie | ok, so it's a manual step to copy the token seed file to the usb key. | 22:59 |
| nowen | yes | 22:59 |
| dystie | basically it's the same as wikid checks the current directory for the jar for the seed file and then checks the default install directories? | 23:00 |
| nowen | yes | 23:00 |
| dystie | k. hrm. ok. then sending them a bunch of usb keys won't work becaue it'd require that manual step every time they set someoen up. | 23:01 |
| nowen | yes | 23:02 |
| nowen | brb | 23:03 |
| nowen | website is updated btw | 23:04 |
| *** dystie has quit (Ping timeout: 245 seconds) | 23:05 | |
| *** dystie (c7ff5332@gateway/web/freenode/ip.199.255.83.50) has joined #wikid | 23:19 | |
| dystie | so - i'm looking at the packed installer | 23:19 |
| dystie | and i get this error (emailing) | 23:19 |
| dystie | looks like Angels' default image *does not* contain a JRE | 23:22 |
| dystie | just mailed you the screenshot of the error we get when we try and use it (which is why our install process involves manually installing hte jre) | 23:22 |
| dystie | whatcha think? | 23:22 |
| nowen | let me check on it. i have emailed to the dev. seems like it is not picking up the packaged jre | 23:43 |
| dystie | yeah - if that can be fixed it'll take out pages of my instructions. | 23:44 |
| nowen | ok - time for me to check out | 23:44 |
| nowen | I'll be back tomorrow | 23:44 |
| dystie | kk | 23:46 |
| *** nowen has quit (Quit: Leaving.) | 23:46 | |
| *** dystie has quit (Quit: Page closed) | 23:46 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!