Tuesday, November 17, 2015

ssoadm CLI - when to encrypt password?

So my OpenAM ssoadm CLI journey continues ...




To create a datastore, the following command is used:

$ ./ssoadm create-datastore -u amadmin -f .pwd.txt -e / -m DS1 -t LDAPv3ForOpenDS -D /data/bin/patch/am-config/datastore-DS1.conf

The content of the datastore configuration file (datastore-DS1.conf) will be as follows:

sun-idrepo-ldapv3-config-ldap-server=dj2-test.XXX.net:1389
sun-idrepo-ldapv3-config-ldap-server=dj1-test.XXX.net:1389
sun-idrepo-ldapv3-config-authid=uid=openam,ou=service accounts,o=XXX
sun-idrepo-ldapv3-config-authpw=ampwd
:
:

Notice that the password must be in clear text here, not encrypted with the ampassword CLI. Once the create-datastore command is executed, the password will be stored in encrypted form in OpenDJ.
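Because the file passed to -D has to hold the bind password in clear text, one way to limit its exposure on disk is shown below. This is an added example, not part of the original post: the function names, the SSOADM variable and the temporary-directory layout are assumptions, while the ssoadm flags and property names are the ones shown above.

```shell
#!/usr/bin/env bash
# Added example; function names and the SSOADM variable are hypothetical.

# Write the datastore properties file owner-only (0600). The bind password is
# read from stdin so it never appears in argv (ps) or in shell history.
# Args: <conf-path> <ldap-host:port> <bind-dn>
write_datastore_conf() {
    local conf="$1" server="$2" binddn="$3" pw=""
    IFS= read -r pw || :
    [ -n "$pw" ] || return 1           # refuse to write an empty password
    (
        umask 077                      # owner-only from creation, no chmod race
        set -C                         # noclobber: fail if the path reappears
        rm -f -- "$conf"               # drop any older, possibly wider, copy
        printf '%s\n' \
            "sun-idrepo-ldapv3-config-ldap-server=$server" \
            "sun-idrepo-ldapv3-config-authid=$binddn" \
            "sun-idrepo-ldapv3-config-authpw=$pw" > "$conf"
    )
}

# Succeeds when the file holds a non-empty authpw AND group/other have any
# permission bit set, i.e. the clear-text password is exposed to other users.
conf_exposes_password() {
    local conf="$1" go_bits
    grep -Eq '^sun-idrepo-ldapv3-config-authpw=.+' -- "$conf" || return 1
    go_bits=$(ls -ld -- "$conf" | cut -c5-10)
    [ "$go_bits" != "------" ]
}

# Stage the file in a private temp dir, run the create-datastore command with
# the flags shown in the post, and always delete the clear-text copy.
# Args: <datastore-name> <ldap-host:port> <bind-dn>; password on stdin.
create_datastore() {
    local name="$1" dir rc=0
    dir=$(mktemp -d) || return 1       # mktemp -d creates the directory 0700
    if write_datastore_conf "$dir/ds.conf" "$2" "$3"; then
        "${SSOADM:-./ssoadm}" create-datastore -u amadmin -f .pwd.txt -e / \
            -m "$name" -t LDAPv3ForOpenDS -D "$dir/ds.conf" || rc=$?
    else
        rc=1
    fi
    rm -rf -- "$dir"
    return "$rc"
}
```

conf_exposes_password can also be pointed at existing files, such as a datastore .conf left behind after an earlier import.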



But still remember this?

$ ./ssoadm set-svrcfg-xml -u amadmin -f .pwd.txt -s http://am0-test.XXXX.net:8080/auth -X /data/bin//am-config/dir-conf.xml




Notice that the passwords must be encrypted within this XML structure.

So when should the password be encrypted? I'm not too sure. It's not consistent.

