Bookshelf v8.1/8.2: Reencrypting Password Parameters in the Siebns.dat File

This topic provides information on how to reencrypt Gateway Name Server parameters that are encrypted in the siebns.dat file after you have increased the level of encryption you use with Siebel Business Applications. For information on how to increase the encryption level using the Siebel Strong Encryption Pack, see About the Siebel Strong Encryption Pack and Increasing the Encryption Level.

Masked parameters are parameters that have their values encrypted. In the siebns.dat file, parameters that specify password values are masked when they are written to the file. You must reencrypt masked parameters after increasing the encryption level because otherwise the Siebel Server attempts to decrypt the encrypted password using the original encryption key and compares the result to the password entered. If this happens, then the Siebel Server writes an error to the keydbmgr.log log file.

Table 9 lists the parameters that are encrypted in the siebns.dat file that must be reencrypted when you increase the encryption level. Most, but not all, of the masked parameters are Siebel Server parameters that can be changed using the Server Manager program. The following procedure describes how to reset encrypted parameters to use a new encryption level using Server Manager.

To reset encrypted parameters to use a new encryption level using Server Manager

Table 9 lists the parameters that you must reencrypt if you increase the encryption level and indicates how you can reencrypt each parameter .

Table 9. Encrypted Parameters
Parameter	Description	How to Reencrypt the Parameter
ApplicationPassword	This parameter is defined for named subsystems of type InfraSecAdpt_LDAP [the default names are LDAPSecAdpt and ADSISecAdpt]. This parameter is set if LDAP or ADSI security adapter authentication is used.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
CRC CustomSecAdpt_CRC	These parameter are defined for named subsystems of type InfraSecAdpt_DB, InfraSecAdpt_LDAP, or InfraSecAdpt_Custom. These parameters specify the checksum validation value for the security adapter DLL file and are set for LDAP, ADSI, database, and custom security adapters. For further information on checksum validation, see Configuring Checksum Validation. CAUTION: Do not reset or change the value of the DBSecAdpt_CRC parameter. Changing the value of the CRC parameter for the database security adapter can disrupt the correct functioning of your Siebel application.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
ClientDBAPwd	This parameter is specified for the Database Extract server component.	Use the Server Manager command.
DSPassword	This parameter is defined for named subsystems of type InfraDataSource (it can be set for the ServerDataSrc named subsystem, or another data source). It is specified for database security adapter authentication.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file.
DSPrivUserPass PrivUserPass	These parameters are specified for the Generate Triggers Siebel Server component.	Use the Server Manager command.
DbaPwd NewDbaPwd	These parameters are specified for the Generate New Database Siebel Server component used with Siebel Remote.	Use the Server Manager command. For information on changing these parameters, see Siebel Remote and Replication Manager Administration Guide.
ExtDBPassword	This parameter provides credentials for the database specified in the external database subsystem.	Use the Server Manager command.
KeyFilePassword	The key file stores the encryption keys that encrypt and decrypt data. The file is encrypted with the key file password.	Using the Key Database Manager utility. For further information, see Changing the Key File Password. This parameter is also changed in the eapps.cfg file.
MailPassword	This parameter is set for the email account that Siebel Email Response uses to connect to the SMTP/POP3 or SMTP/IMAP email servers.	Use the Server Manager command. For information on this parameter, see the topics on assigning parameter overrides for a communications profile in Siebel Email Administration Guide.
Password	This parameter, set at the Siebel Enterprise level, is the password for the system user (for example, SIEBADMIN) specified by the Username parameter. It is recommended that you do not change the value for this parameter when you reencrypt it.	Use the Server Manager command.
TableOwnPass	This parameter specifies the password for the Database Table Owner (DBO) account, which is used to modify the Siebel database tables.	Siebel Web Clients can use the Server Manager command. Siebel Developer Web Clients must edit the appropriate application configuration file. Change the parameter in the Siebel database. See Changing the Table Owner Password for instructions.
TrustToken CustomSecAdpt_TrustToken	These parameters apply in a Web SSO environment only, and are defined for named subsystems of type InfraSecAdpt_LDAP and InfraSecAdpt_Custom. These parameters are also specified for the SWSE; the setting must be the same on both the SWSE and the security adapter.	Siebel Web Clients can use the Server Manager command. Siebel Mobile Web Clients or Developer Web Clients must edit the appropriate application configuration file. Edit the eapps.cfg file for SWSE.

Siebel Security Guide		Copyright © 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices.