Security Guide for Siebel eBusiness Applications > Security Adapter Authentication > Configuring Password Hashing >
Configuring User and Credentials Password Hashing
Use the procedures below to implement password hashing for user passwords or for database credentials. User passwords and database credentials account passwords may be stored in the locations described in Usage Guidelines for Password Hashing, according to the authentication method you are using. NOTE: Some steps in the procedures below, such as those for setting configuration parameter values using Siebel Server Manager, may alternatively be accomplished by using the LDAP/ADSI Configuration Utility. For details, see Using the LDAP/ADSI Configuration Utility.
Configuring User Password Hashing
Use the procedure below to configure user password hashing. To implement user password hashing
- For each user, create and record a username and a password.
- To hash one or more passwords, run the hashpwd.exe utility at a command prompt. For command syntax options, see Running the Password Hashing Utility.
- For each user, do one of the following:
- Using Siebel Server Manager, configure the security adapter for user password hashing.
- For the database security adapter (typically,
DBSecAdpt ):
- Set the
DataSourceName parameter to the name of the applicable data source (for example, ServerDataSrc ).
- For the applicable data source, set the
DSHashUserPwd parameter to TRUE .
- For the applicable data source, set the
DSHashAlgorithm parameter to RSASHA1 (this is the default value) or SIEBELHASH (the Siebel proprietary algorithm).
- For the LDAP or ADSI security adapter (typically,
LDAPSecAdpt or ADSISecAdpt ):
- Set the
HashUserPwd parameter to TRUE .
- Set the
HashAlgorithm parameter to RSASHA1 (this is the default value) or SIEBELHASH (the Siebel proprietary algorithm).
- Provide to each user the username and the clear-text password for logging in.
Configuring Database Credentials Password Hashing
Use the procedure below to configure database credentials password hashing. To implement database credentials password hashing
- For each applicable database account, create and record a login name and a password.
- To hash one or more passwords, run the hashpwd.exe utility at a command prompt. For command syntax options, see Running the Password Hashing Utility.
- For each database account, assign the hashed passwords to their corresponding database accounts.
For information about setting credentials for database accounts, see your RDBMS documentation.
- In the LDAP/ADS directory, specify the unhashed version of the password for the attribute that contains the database account.
For information about required attributes in the directory, see Requirements for LDAP/ADS Directory.
- Using Siebel Server Manager, configure the security adapter for credentials password hashing.
- For the LDAP or ADSI security adapter:
- Set the
HashDBPwd parameter to TRUE .
- The hash algorithm will be based on the setting you previously made for the
HashAlgorithm parameter when you configured user password hashing.
|