Bookshelf Home | Contents | Index | PDF     

Siebel Security Guide > Security Adapter Authentication > Process of Configuring User and Credentials Password Hashing >

Configuring Password Hashing of Database Credentials

The procedure in this topic describes how to configure database credentials password hashing with Siebel Business Applications.

This task is a step in Process of Configuring User and Credentials Password Hashing.

To implement database credentials password hashing

  1. For each applicable database account, create and record a login name and a password.
  2. To hash one or more passwords, run the hashpwd.exe utility at a command prompt. For command syntax options, see Running the Password Hashing Utility.
  3. For each database account, assign the hashed passwords to their corresponding database accounts.

    For information about setting credentials for database accounts, see your RDBMS documentation.

  4. In the LDAP directory or Active Directory, specify the unhashed version of the password for the attribute that contains the database account.

    The database credentials password must be stored in unhashed form in the directory because the password is hashed during the authentication process. Users cannot log into the Siebel database using a password obtained through unauthorized access to the directory because the unhashed password in the directory will not match the hashed version stored in the database.

    As an additional security measure, however, you can define an access control list (ACL) to restrict access to the directory attribute containing the unhashed version of the password or, if you are implementing a shared database account, the shared database login name and hashed password can be specified as profile parameters for the LDAP or ADSI Security Adapter profiles.

    For information about required attributes in the directory, see Requirements for the LDAP Directory or Active Directory. For information on setting up directory ACLs, see your directory vendor documentation.

  5. Using Siebel Server Manager, configure the security adapter for credentials password hashing. For the LDAP or ADSI security adapter:
    • Set the HashDBPwd parameter to TRUE.
    • The hash algorithm is based on the setting you previously made for the HashAlgorithm parameter when you configured user password hashing.
Related Topics

About Password Hashing

Configuring User Password Hashing

      
Siebel Security Guide Copyright © 2014, Oracle and/or its affiliates. All rights reserved. Legal Notices.