Security Guide for Siebel eBusiness Applications > Security Adapter Authentication > Configuring Password Hashing >

Configuring User and Credentials Password Hashing

Use the procedures below to implement password hashing for user passwords or for database credentials.

User passwords and database credentials account passwords may be stored in the locations described in Usage Guidelines for Password Hashing, according to the authentication method you are using.

NOTE:  Some steps in the procedures below, such as those for setting configuration parameter values using Siebel Server Manager, may alternatively be accomplished by using the LDAP/ADSI Configuration Utility. For details, see Using the LDAP/ADSI Configuration Utility.

Configuring User Password Hashing

Use the procedure below to configure user password hashing.

To implement user password hashing

1. For each user, create and record a username and a password.
2. To hash one or more passwords, run the hashpwd.exe utility at a command prompt. For command syntax options, see Running the Password Hashing Utility.
3. For each user, do one of the following:
   • In a database authentication environment, set the credentials for a database account to the username and the hashed password.

     For information about setting credentials for database accounts, see your RDBMS documentation.

   • In an LDAP/ADSI authentication environment, set the values in the directory attributes for username and password to the username and the hashed password.
4. Using Siebel Server Manager, configure the security adapter for user password hashing.
   • For the database security adapter (typically, DBSecAdpt):
     • Set the DataSourceName parameter to the name of the applicable data source (for example, ServerDataSrc).
     • For the applicable data source, set the DSHashUserPwd parameter to TRUE.
     • For the applicable data source, set the DSHashAlgorithm parameter to RSASHA1 (this is the default value) or SIEBELHASH (the Siebel proprietary algorithm).
   • For the LDAP or ADSI security adapter (typically, LDAPSecAdpt or ADSISecAdpt):
     • Set the HashUserPwd parameter to TRUE.
     • Set the HashAlgorithm parameter to RSASHA1 (this is the default value) or SIEBELHASH (the Siebel proprietary algorithm).
5. Provide to each user the username and the clear-text password for logging in.

Configuring Database Credentials Password Hashing

Use the procedure below to configure database credentials password hashing.

To implement database credentials password hashing

1. For each applicable database account, create and record a login name and a password.
2. To hash one or more passwords, run the hashpwd.exe utility at a command prompt. For command syntax options, see Running the Password Hashing Utility.
3. For each database account, assign the hashed passwords to their corresponding database accounts.

   For information about setting credentials for database accounts, see your RDBMS documentation.

4. In the LDAP/ADS directory, specify the unhashed version of the password for the attribute that contains the database account.

   For information about required attributes in the directory, see Requirements for LDAP/ADS Directory.

5. Using Siebel Server Manager, configure the security adapter for credentials password hashing.
   • For the LDAP or ADSI security adapter:
     • Set the HashDBPwd parameter to TRUE.
     • The hash algorithm will be based on the setting you previously made for the HashAlgorithm parameter when you configured user password hashing.