Encrypting PTC RV&S Agent Passwords

Agent Installation and Configuration > PTC RV&S Agent Security > Encrypting PTC RV&S Agent Passwords

For specified PTC RV&S Agent passwords, the PTC RV&S Agent can run with plain text passwords or an encrypted password configuration. For more information on the encryptpassword application, see the topic Migrating to Encrypted Server-side Passwords

Encrypted PTC RV&S Agent passwords provide an additional level of security by eliminating plain text passwords that can be viewed in the PTC RV&S Agent files.

Encryption of PTC RV&S Agent passwords is independent of the transport protocol defined in your security scheme.

The following PTC RV&S Agent passwords can be encrypted:

Password Encrypted	Found in Properties File Under installdir¹/
ldap.credential	/config/properties/security.properties
mkagent.privatekey.password mksagent.apiSession.defaultPassword mksagent.smtpserver.serverpassword	/config/properties/agent.properties
*	/data/password.properties
tm.adapter.*.apiSession.defaultPassword	/config/properties/tm.properties

¹ Where installdir is the path where you installed Windchill RV&S Agent

Migrating to Encrypted PTC RV&S Agent Passwords

By default, PTC RV&S Agent is installed with passwords configured in plain text. If you want to change the default installation and run with encrypted PTC RV&S Agent passwords, you can use the encryptPassword application to modify the PTC RV&S Agent files for password encryption. The encryptPassword application is located as follows:

installdir\bin\encryptPassword.exe

Before running the encryptPassword application, you must first stop the PTC RV&S Agent. After you run the application and restart the PTC RV&S Agent, the system will then use encrypted passwords.

When the application is run, if the PTC RV&S Agent is running in the default plain text password configuration, it migrates the PTC RV&S Agent to the encrypted password configuration; if the PTC RV&S Agent is already running in the encrypted password configuration, it encrypts any PTC RV&S Agent passwords that are in plain text and writes them back to the file in the encrypted format.

To run the application directly and migrate to encrypted passwords, specify encryptPassword with options as follows:

encryptPassword -e|--encryptPassword

./encryptPassword -e|--encryptPassword

where

• encryptPassword runs the application for password encryption.

• -e|--encryptPassword specifies the option to migrate the system on the PTC RV&S Agent from plain text passwords to encrypted passwords. If the PTC RV&S Agent is already running in the encrypted password configuration, this option specifies to encrypt any remaining plain text passwords. For example, encryptPassword -e.

For a list of the passwords that are encrypted by the encryptpassword application, see To change encrypted passwords on PTC RV&S Agent.

The following procedure outlines the syntax for encryptPassword where no options are specified and you are presented with a text menu to guide you through the migration process.