Credentials Password Encryption
Credentials password encryption allows you to maintain an unexposed, encrypted password to a database account, while an unencrypted version of the password is used in other phases of the authentication process.
Credentials password encryption can be implemented in the following authentication strategies:
- Siebel security adapter authentication
- Web SSO
NOTE: You can implement credentials password encryption with the Siebel encryption utility. This utility and applicable installation instructions are available from Siebel Technical Support.
Credentials password encryption supports the following principles:
- For each database account, a password is first encrypted. For example, siebel is encrypted as T>?Be.
- The encrypted version is stored as the valid password for the database account.
- The unencrypted version of the password is stored in the attribute containing the database account for each applicable user in the directory.
A user is logged into the database by the following process:
- The authenticated user's database account, stored in the directory, is passed to the authentication manager by the security adapter.
- The Application Object Manager receives the user credentials from the authentication manager.
- The Application Object Manager encrypts the password (T>?Be).
- The Application Object Manager verifies that the database account identified by the user credentials exists and has a password that matches the encrypted version (T>?Be).
- The Application Object Manager connects the user to the database and the Siebel application.
NOTE: You cannot implement credentials password encryption if the data source you are connecting to is undocked. A data source is undocked if Docked = FALSE for the data source in the application's configuration file.

To implement credentials password encryption
- For each database account, create and record the login name and a password.
- Do one or more of the following:
  - To encrypt an individual password, enter and run the following command at a command prompt:

        encrypt password

    The utility encrypts the argument and verifies the results. For example, to encrypt the password "siebel," enter:

        encrypt siebel

    The confirmation from the utility is similar to:

        Encoding String => siebel <= to => T>?Be <=
        Verify encoding => T>?Be <= to => siebel <=

  - To encrypt multiple passwords at the command prompt, use the following command-line syntax:

        encrypt password1 password2 password3 ...

  - To encrypt multiple passwords using a batch file:
    Enter the passwords into a batch file (in this instance, the file is named passwords.txt), and then use the following command-line syntax:

        encrypt @passwords.txt

- Assign the encrypted passwords to their corresponding database accounts.
  For information about assigning passwords to database accounts, see your RDBMS documentation.
- For each Siebel application that implements credentials password encryption, set the following parameter value in the application's configuration file. For example, edit the eservice.cfg file for Siebel eService.
  In the [adapter_name] section, for example [LDAP]:

      EncryptCredentialsPassword = TRUE

  For information about setting Siebel application configuration file parameters, see Siebel Application Configuration File Parameters.
- Make sure that the attribute in the directory that contains the database account contains the unencrypted version of the database password.
  For information about required attributes in the directory, see Requirements for Directory.
Credentials password encryption is discussed in a usage context in Security Adapter Deployment Options.
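
The following added example, which is not part of the Siebel documentation or tooling, checks an application configuration file for the two conditions described above: EncryptCredentialsPassword = TRUE in the adapter section, and a data source that is not undocked. The function names, the [ServerDataSrc] section name, and the sample file content are assumptions constructed for illustration.

```python
import configparser

# Constructed sample standing in for an application .cfg file; the
# [ServerDataSrc] section name is an assumption, [LDAP] is the page's example.
SAMPLE_CFG = """
[ServerDataSrc]
Docked = TRUE

[LDAP]
EncryptCredentialsPassword = FALSE
"""

def _load(cfg_text):
    # Tolerate duplicate keys and bare keys; never expand % sequences.
    parser = configparser.ConfigParser(
        strict=False, interpolation=None, allow_no_value=True)
    parser.read_string(cfg_text)
    return parser

def _flag(parser, section, key):
    """Return the value upper-cased, or None if section/key is absent."""
    if not parser.has_section(section):
        return None
    value = parser.get(section, key, fallback=None)
    return value.strip().upper() if value else None

def audit(cfg_text, adapter_section="LDAP", datasource_section="ServerDataSrc"):
    """Return a list of findings; an empty list means both checks pass."""
    parser = _load(cfg_text)
    findings = []
    if not parser.has_section(adapter_section):
        findings.append(f"[{adapter_section}] section not found")
    elif _flag(parser, adapter_section, "EncryptCredentialsPassword") != "TRUE":
        findings.append(
            f"EncryptCredentialsPassword is not TRUE in [{adapter_section}]")
    # Per the NOTE above, the feature cannot be used with an undocked source.
    if _flag(parser, datasource_section, "Docked") == "FALSE":
        findings.append(
            f"[{datasource_section}] is undocked (Docked = FALSE); "
            "credentials password encryption cannot be implemented")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG) or ["no findings"]:
        print(finding)
```
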
Security Guide for Siebel eBusiness Applications Published: 23 June 2003 |