verifycfg
Use the verifycfg program to verify that a given account will be bypassed by password strength checking and/or synchronization, according to per-target criteria set in the specified intcptsvc configuration file. Neither actual account strength checking, nor synchronization, is performed by this utility. This tool is useful for verifying whether the configuration file is designed properly before putting the interceptor online.
This program is installed by intcpt.msi or intcpt-64.msi on a Windows transparent password synchronization trigger system and can be found in the following directory:
<Program Files path>\Bravura Security\\Password Filter\util\
Usage
verifycfg.exe [-c <file>] [-l <level>] -u <user>
Argument | Description |
|---|---|
-c, --cfg <cfg> | Specify the intcptsvc configuration file. The default is intcptsvc.cfg |
-l, --level <N> | The debug level 1-6. The default is 4. |
-u, --user | The user to be verified (required). |
For example:
verifycfg.exe -c ..\service\intcptsvc.cfg -u qa1000 -l 4
returns:
Loading service configuration file:[..\service\intcptsvc.cfg]...succeeded. Retrieve user:[qa1000]'s attributes and evaluate settings... User: qa1000 Session has been created successfully Target: End_Users -- None bypass <<== It means this account will be strength checked and synchronized against 'End_Users' target Retrieve target: [End_Users], user: [qa1000]'s status...( FindUser ) If return code belongs set [( 100 )] will be treated as strength check failed Target: [End_Users], user: [qa1000]'s status = 200, message = userid=qa1000 username=qa 1000 Returned [200] [userid=qa1000 username=qa 1000], strength check will be successful <<== The account was found in Pass through idpm. Target: Admin_Users -- Bypass both strength check and synchronization <<== It means this account will NOT be strength checked and synchronized against 'Admin_Users' target
Note
If the debug level is greater than 4 (default), verifycfg returns more detail on how the account falls into which categories.