Encrypting Integrity Lifecycle Manager Agent Passwords
For specified Integrity Lifecycle Manager Agent passwords, the Integrity Lifecycle Manager Agent can run with plain text passwords or an encrypted password configuration. Encrypted Integrity Lifecycle Manager Agent passwords provide an additional level of security by eliminating plain text passwords that can be viewed in the Integrity Lifecycle Manager Agent files.
|
|
Encryption of Integrity Lifecycle Manager Agent passwords is independent of the transport protocol defined in your security scheme.
|
The following Integrity Lifecycle Manager Agent passwords can be encrypted:
|
Password Encrypted
|
Found in Properties File Under installdir/
|
|
ldap.credential
|
/config/properties/security.properties
|
|
mkagent.privatekey.password
mksagent.apiSession.defaultPassword
mksagent.smtpserver.serverpassword
|
/config/properties/agent.properties
|
|
*
|
/data/password.properties
|
|
tm.adapter.*.apiSession.defaultPassword
|
/config/properties/tm.properties
|
Migrating to Encrypted Integrity Lifecycle Manager Agent Passwords
By default, Integrity Lifecycle Manager Agent is installed with passwords configured in plain text. If you want to change the default installation and run with encrypted Integrity Lifecycle Manager Agent passwords, you can use the encryptPassword application to modify the Integrity Lifecycle Manager Agent files for password encryption. The encryptPassword application is located as follows:
installdir\bin\encryptPassword.exe
|
|
Before running the encryptPassword application, you must first stop the Integrity Lifecycle Manager Agent. After you run the application and restart the Integrity Lifecycle Manager Agent, the system will then use encrypted passwords.
|
When the application is run, if the Integrity Lifecycle Manager Agent is running in the default plain text password configuration, it migrates the Integrity Lifecycle Manager Agent to the encrypted password configuration; if the Integrity Lifecycle Manager Agent is already running in the encrypted password configuration, it encrypts any Integrity Lifecycle Manager Agent passwords that are in plain text and writes them back to the file in the encrypted format.
To run the application directly and migrate to encrypted passwords, specify encryptPassword with options as follows:
encryptPassword -e|--encryptPassword
or
./encryptPassword -e|--encryptPassword
where
• encryptPassword runs the application for password encryption.
• -e|--encryptPassword specifies the option to migrate the system on the Integrity Lifecycle Manager Agent from plain text passwords to encrypted passwords. If the Integrity Lifecycle Manager Agent is already running in the encrypted password configuration, this option specifies to encrypt any remaining plain text passwords. For example, encryptPassword -e.
For a list of the passwords that are encrypted by the
encryptpassword application, see
“To change encrypted passwords on Integrity Agent”.
The following procedure outlines the syntax for encryptPassword where no options are specified and you are presented with a text menu to guide you through the migration process.
Related Links
