Encrypting Server-side Passwords

Server Configuration > Post Install Server Security > Encrypting Server-side Passwords

For specified server-side passwords, the Windchill RV&S server can run with plain text passwords or an encrypted password configuration. Encrypted server-side passwords provide an additional level of security by eliminating plain text passwords that can be viewed in the server files. Hence, PTC recommends using encrypted password configuration.

Encryption of server-side passwords is independent of the transport protocol defined in your security scheme.

The client-side encryption of preferences in the IntegrityClient.rc file is always enabled and cannot be disabled; it is not affected by server-side password encryption or the encryptPassword utility on the server.

The following are the server-side passwords that can be encrypted:

Password Encrypted	Found in Properties File Under installdir/config/properties
ldap.credential	security.properties
si.anonymousPassword	si.properties
mksis.im.prodPassword	im.properties
mks.dbPassword (database connection password) mksis.proxy.default.adminPassword mksis.proxy.<serverAlias>.adminPassword mksis.privatekey.password mksis.apiSession.defaultPassword	is.properties
mkisis.serversalt	encryption.properties