Environment
NetIQ Identity Manager 4.5
Situation
In the bi-directional fanout driver, when syncing a user's password
from the ID Vault to a connected system, if the password contains
an escapable character (such as $), the driver adds an escape character
(backslash) to the connected system password.
Resolution
Work-Around:
Modify the modify-password.sh and add-user.sh scripts. In both files, locate the following line:
password=`IDMGETVAR PASSWORD`
and change it as follows:
password=`IDMGETVAR PASSWORD internal`
Cause
Certain characters must be 'escaped' when they are
evaluated in a scripting environment, in order to prevent malicious
data from being sent to create a script "injection" scenario.
This means escapable characters, such as "$", have to be converted
to use an escape character ("\$", as an example). Otherwise
the shell would interpret it as a shell variable and expand its
value.
Status
Reported to Engineering
Additional Information
Passwords do not go to the shell for evaluation. They are
passed, via stdin, directly to the internal utility that sets
passwords. Therefore, using the "internal" mode for passwords
does not escape these characters and leaves them as-is.
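
The following is an added example, not code from the driver or from NetIQ. It shows why an escaped value is correct when a shell evaluates it but wrong when it is written to stdin, as described under Cause and Additional Information. The function escape_for_shell is a hypothetical stand-in for the driver's default escaping, cat stands in for the internal password utility, and the sample password is constructed.

```shell
#!/bin/sh
# Constructed sample password containing a shell-special character.
SAMPLE='Pa$$w0rd'

# Hypothetical stand-in for the default (escaped) retrieval mode:
# put a backslash in front of $, backtick, double quote and backslash.
escape_for_shell() {
    printf '%s' "$1" | sed 's/[$`"\\]/\\&/g'
}

# Consumer 1: the value is evaluated by a shell inside double quotes.
# The shell consumes the backslashes, so the escaped form is restored
# to the original text instead of being expanded as a variable.
via_shell_eval() {
    eval "printf '%s' \"$1\""
}

# Consumer 2: the value is written to the stdin of a utility.
# No shell parses it, so every byte arrives unchanged, including any
# backslashes that escaping added.
via_stdin() {
    printf '%s' "$1" | cat
}

escaped=$(escape_for_shell "$SAMPLE")

echo "original:              $SAMPLE"
echo "escaped:               $escaped"
echo "escaped, shell eval:   $(via_shell_eval "$escaped")"
echo "escaped, via stdin:    $(via_stdin "$escaped")"
echo "unescaped, via stdin:  $(via_stdin "$SAMPLE")"
```

Only the last path delivers the original password over stdin, which is the behaviour the "internal" mode provides for the two scripts named in the work-around.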