Re: [foxboro] Fwd: Windows based I/A Foxview user name & password
- From: Corey R Clingo <clingoc@xxxxxxxxxxxxx>
- To: foxboro@xxxxxxxxxxxxx
- Date: Thu, 26 Jan 2006 22:20:44 -0600
Yes, we saw the same problem here. They make all the I/A services run as
the "IA" user (name changed to mildly protect us hapless customers) rather
than LocalSystem, so you are screwed if you want to change passwords. I
suppose you could go change the user/pass on each service, and it might
work, but I never had time to try it; I punted and changed the password
back to the default, and instead spent time tightening my firewall rules.
I too comically observed that this was from a company that also sold
"security services" (which, from reading the white papers, I roughly
interpreted as, "we build a mock-up of your system, and turn stuff off
until it breaks". Gee...so much for leveraging design knowledge of their
system). Reminds me of ol' Jimmy Swaggart from when I grew up in Baton
Rouge. I had wondered where he ended up... :)
I only bought an XP box because I had to (as an OPC gateway). I hope to
be able to stay away from Win I/A as best I can until Foxboro at the least
makes their Windows offering "native" to the platform (rather than a hasty
port of their Unix codebase), and offers improved functionality and value
over the Unix version -- at least enough to offset the drawbacks of
running on Windows.
Corey
"Duc M Do" <duc@xxxxxxxxxx>
Sent by: foxboro-bounce@xxxxxxxxxxxxx
01/26/2006 02:55 PM
Please respond to
foxboro@xxxxxxxxxxxxx
To
foxboro@xxxxxxxxxxxxx
cc
Subject
[foxboro] Fwd: Windows based I/A Foxview user name & password
This note was sent to the webmaster@xxxxxxxxxxxxxxxxxxxxxxx address, but
I think it's meant for the list.
Yes, when we first got our XP workstation and ran across this same
issue, we could only shake our head and wonder aloud, "How can they *do*
that?"
Duc
On Thu, 26 Jan 2006 12:39:35 -0600, "Daniel Wu" <Daniel_Wu@xxxxxxxxxxxx>
wrote:
>
>
>
>
> Greetings to every one:
>
> My apology for a long e-mail!!
>
> We have several Solaris based I/A systems on site and have recently
> installed a separate Window-XP based I/A in another area. On a Solaris
> based AW, we connect our network PC and servers to the AW using the user
> name "root". Periodically, we change the "root" password to follow our
> IT policy. Foxview environment passwords are used to limit access for
> different groups of Foxview users on AW and WP. One cannot log into
the
> SHELL environment with correct root/password . The security works well
> for us.
>
> On our newly installed Window XP based AW and WPs, we use the Foxboro
> provided Window user name (let's say it is IAuser / IApassword) to log
in
> the AW's to make changes to IACC, sequence codes, recipes and graphics.
> Generally, we log into the AW's via our plant network. Same user name
> and password combination applies to all AWs and WPs. WP's are setup to
> be in lockdown mode while on AW, any authorized user has full access to
> all files.
>
> One day, I changed "IApassword" to something that followed our IT policy
> on the AW. After that, I could not bring up Foxview. I consulted
Foxboro
> engineers about the problem. Foxboro's comment was that I/A was built
> with the user name IAuser and IApassword, I had to use the same user
name
> and password combination to log into the AW (or WP). Otherwise, Foxview
> will not come up. This applies to all WP operator consoles. That means
> we cannot change the password on a Windows based I/A WP or AW --- ever.
> This was a surprise to me --- considering Foxboro is selling their
network
> security services. Username/password authentication is the only means
we
> have to stop unauthorized access to the DCS. It will a tough sale to
our
> IT folks that we can change passwords on our DCS user accounts. Another
> problem is that if a WP goes into "lock" mode for whatever reason
> (different than a screen save mode). The operator must know the
username
> "IAuser" and password "IApassword" to unlock the WP to use Foxview.
>
> There are two problems for us: 1. Current I/A architecture prohibits us
> from following our IT password policy -- change passwords periodically.
> It is a big security problem. 2. If an operator, with pure luck gets the
WP
> into "lock" mode, I (with my luck, it is most likely to be 2 AM in the
> morning or hours away from the plant) need to drive back to the plant to
> enter the password "IApassword" to unlock the WP. If I give out the
> password to the operators, they can log into the AWs with full access to
> all files on the AWs. I had several discussion with Foxboro engineers.
> Their response was that was way I/A was built and no solution was
> provided.
>
> Do any Window based I/A users have same experience? Any suggestion on
> how to resolve or get around the problems.
>
> Thanks for your attention!
>
> Daniel Wu
> Huntsman Corporation
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
Other related posts:
