
Hi all,
I want to handle password changes (like keystores and technical users) by a script, so I need to update the passwords stored in ism-configuration.properties.
I haven’t found any documentation about calling configupdate.sh with command line parameters (like ndsconfig set we all know about) to configure the options I intend, so I assume I have to modify ism-configuration.properties itself.
That brings up a few questions:
I find parameters ending in .pwd._attr_obscurity with a value of ENCRYPT. Is there any documentation about that, does it support any other values, and what does ENCRYPT stand for (well, obviously encryption, but which kind, and how could I encrypt a new password myself to replace the string)? The corresponding parameter “.pwd” looks like 3 base64-encoded components separated by :, but decoding each of these components didn’t give me anything that reminds me of the passwords I set.
Can I modify each of the parameters and trigger a restart of Tomcat to make things work the way I’d like, or is there some more magic behind configupdate.sh (like updating other conf files)?
Steffen
------
IDentAcc
Accepted Solutions


This is actually in the docs!
https://www.netiq.com/documentation/identity-manager-48/setup_linux/data/b17xtt5c.html
You can change the password of a property, for example com.netiq.rpt.ssl-keystore from the command line by performing the following steps:
Use the below utility to encrypt your password:
/opt/netiq/common/jre/bin/java -jar tomcat/lib/obscurity-0.7.0-uber.jar <<Password>>
Navigate to the ism-configuration.properties file located at /opt/netiq/idm/apps/tomcat/conf/ directory.
Modify the ism-configuration.properties file and add the encrypted password specified in step 2 for the com.netiq.rpt.ssl-keystore.pwd parameter.
Save the file and restart Tomcat.
So you need to call the obscurity JAR to encrypt the password, then you can update the values in the file via your script.
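
The steps quoted above, scripted as an added example (not part of the original posts and not vendor code). It assumes the relative JAR path from the docs resolves from /opt/netiq/idm/apps and that the JAR prints the obscured string on stdout; the script name and the IDM_APPS variable are hypothetical.

```sh
#!/bin/sh
# Added example (not vendor code): update one *.pwd entry in ism-configuration.properties.

# Assumptions: the page's relative JAR path resolves from /opt/netiq/idm/apps, and the
# JAR prints the obscured string on stdout. The clear-text password is a java argument
# (the only form the docs show), so it is visible in the process list while java runs.
obscure_password() {
    ( cd "${IDM_APPS:-/opt/netiq/idm/apps}" &&
      /opt/netiq/common/jre/bin/java -jar tomcat/lib/obscurity-0.7.0-uber.jar "$1" )
}

# Replace (or append) KEY in FILE with VALUE. awk is used instead of sed because the
# obscured value contains ':', '/', '+' and '=', which break sed replacement strings.
set_property() {
    local file="$1" key="$2" value="$3" tmp
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # cp -p gives the temp file and the backup the original's mode; the backup still
    # holds the old obscured password, so treat it like the live file.
    cp -p "$file" "$tmp" && cp -p "$file" "$file.bak" || return 1
    KEY="$key" VALUE="$value" awk '
        BEGIN { k = ENVIRON["KEY"]; v = ENVIRON["VALUE"] }   # ENVIRON: no escape processing
        match($0, /^[^=]*=[ \t]*/) {
            prefix = substr($0, 1, RLENGTH); name = prefix
            sub(/[ \t]*=[ \t]*$/, "", name); sub(/^[ \t]+/, "", name)
            # exact name match, so KEY never matches KEY._attr_obscurity
            if (name == k) { print prefix v; done = 1; next }
        }
        { print }
        END { if (!done) print k "=" v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"      # same directory, so the swap is a single rename
}

# Usage: printf '%s\n' "$NEW_PW" | sh set-ism-pwd.sh FILE KEY   (script name is hypothetical)
if [ $# -eq 2 ]; then
    IFS= read -r pw || [ -n "$pw" ] || exit 1
    enc=$(obscure_password "$pw") && [ -n "$enc" ] || { echo "obscurity JAR failed" >&2; exit 1; }
    set_property "$1" "$2" "$enc" && echo "updated $2; restart Tomcat to apply"
fi
```

The password is read from stdin so it does not appear in the script's own arguments; the Tomcat restart is left to the operator because the page does not give the service command.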





The server.xml <Connections> uses this encryption method as well, if you need to script the DB passwords into it.
And there is one more type of encrypted password...
The OSP file for bootstrap admin uses a different method, also in the docs (basically a different Java class), for which I forget the link and am now too lazy to find for you. So if you want a different bootstrap admin (more of an IDG than IDM thing), then you need that file.

got it...
yeah, all relevant info in 1 place - that's still a dream of mine...
------
IDentAcc