Oracle Agile Engineering Data Management Security Guide Release e6.2.1.0 E69102-01
Agile e6 supports the Advanced Encryption Standard (AES); this encryption mechanism is used to encrypt the passwords within property files.
In some cases you may need to encrypt passwords manually.
To encrypt a password, you can use the epkeytool, which is part of the Agile e6 installation.
The epkeytool can be started by calling:
Windows:
%ep_root%\axalant\cmd\epkeytool.bat -encryptpwd -keyStore file://<complete path to the wallet which has to be used>/cwallet.sso -keyAlias orakey
UNIX:
${ep_root}/axalant/scripts/epkeytool.sh -encryptpwd -keyStore file://<complete path to the wallet which has to be used>/cwallet.sso -keyAlias orakey
Note: Which wallet you have to use depends on which component works with the encrypted password. The section "Manual Creation of Wallets" explains in detail how to create a wallet manually and how to deploy that wallet manually.
The epkeytool prompts for the password to encrypt. The output (the encrypted password) will look similar to:
{PLM-AES-128}RSA-PUBLIC-BASE64:QjFurSOpjlhQER+wZFF7L/XgD1+npwlEBcK0DDpNeYJ8gbxhIxuMZpZ4yEsuGuJQ5eZJiUHsHEW1X1pJddylUmrZm6rn+rx/BOfZlITnUvMpF93Ej11wdVu+DObmSazKD3v7rpAwpKXsFMeiKCVVVF7g5C2k033/UZTCnoPUAtE={PLM-AES-128}CVVOULGVgv06h2FJCMrAGrvyEgCeV9S0gZoTF4uCgL8=
For the following components you need to encrypt passwords manually:
- Batch Client
- OfficeSuite PDF Generator
- AutoVue Offline Metafile Cache
All these components are based on the Batch Client technology. For each scenario, the components have property files which contain the Batch user password.
Note: An Agile e6 batch user account must have limited access to the Agile e6 system, and the installation directory needs to be secured to protect the properties files.
The Batch Clients do not support clear text passwords.
The epkeytool is available directly from the installation package. The scripts for Windows and UNIX are located in the directory installer/tools/bin.
The following list shows all passwords that are encrypted with the epkeytool.
- Database Password in the <ep_root>/init/<env>.xml file
- Java Daemon Administration Password
- Unprivileged Windows User Password
  Local Windows User which is used by the following services:
  - Java
  - FMS
  - Java and Portmapper

Location | Purpose | Batch Installation Property | Wallet | Comment |
---|---|---|---|---|
<ep_root>/init/<env>.xml | Database Password | plm.application.dbpassword | Server | Manual modification |
<ep_root>/axalant/ini/jade.ini | Java Admin Password | plm.javadaemon.admpwd | Server | Manual modification |
<ep_root>/build/applicationServer/weblogic_121/deploy/<env>/web.xml | Database Password | plm.application.dbpassword | Server | Automatically added while redeploying the Business Service |
<ep_root>/staging/product/application/<env>/BusinessService/META-INF/eSeriesDataSource-jdbc.xml | Database Password | plm.application.dbpassword | WebLogic | Automatically added while redeploying the Business Service |
<ep_root>/staging/product/application/<env>/BusinessService/BusinessService.war/WEB-INF/classes/ABS_<env>.ini | Mail Authentication Password | plm.application.mail_auth_password | Server | Automatically added while redeploying the Business Service |
%ALLUSERSPROFILE%\agile\installer\6.2.0\admin\apache-tomcat\webapps\AdminClient\metadata\Adminserver_Props.txt | Admin Client Windows Password | - | adminclient | Manual modification |
${HOME}/.agile/installer/6.2.0/admin/apache-tomcat/webapps/AdminClient/metadata/Adminserver_Props.txt | Admin Client UNIX Password | - | adminclient | Manual modification |

- Privileged Windows User Password that uses Windows encryption mechanisms.
  Local Windows User which is used by the following service:
  - File Server

The user credentials are stored in the Agile e6.2.1.0 Batch Client properties file.
- Batch user in properties files for standard Batch Client
- Batch user in properties files for Office Suite PDF generator
- Batch user in properties files for AutoVue Offline Metafile cache

To protect the user password, encrypt it with the batchkeytool.
Call the batchkeytool without any parameters to encrypt a password.
Enter the password.
The output is:
{PLM-AES-128}RSA-PUBLIC-BASE64:QjFurSOpjlhQER+wZFF7L/XgD1+npwlEBcK0DDpNeYJ8gbxhIxuMZpZ4yEsuGuJQ5eZJiUHsHEW1X1pJddylUmrZm6rn+rx/BOfZlITnUvMpF93Ej11wdVu+DObmSazKD3v7rpAwpKXsFMeiKCVVVF7g5C2k033/UZTCnoPUAtE={PLM-AES-128}CVVOULGVgv06h2FJCMrAGrvyEgCeV9S0gZoTF4uCgL8=
Copy the encrypted password into the scenario properties file for user password.
Note: The password is also stored in the clipboard.
Example:
Note: Please make sure that the example is a continuous line.
# PLM Client
client1=USER_NAME,{PLM-AES-128}RSA-PUBLIC-BASE64:QjFurSOpjlhQER+wZFF7L/XgD1+npwlEBcK0DDpNeYJ8gbxhIxuMZpZ4yEsuGuJQ5eZJiUHsHEW1X1pJddylUmrZm6rn+rx/BOfZlITnUvMpF93Ej11wdVu+DObmSazKD3v7rpAwpKXsFMeiKCVVVF7g5C2k033/UZTCnoPUAtE={PLM-AES-128}CVVOULGVgv06h2FJCMrAGrvyEgCeV9S0gZoTF4uCgL8=,com.agile.LGVCall
The user credentials are stored in the following default files:
Location | Purpose | Wallet | Comment |
---|---|---|---|
<batch_root>/examples/eciserver.properties | Batch user password | Batch Wallet | Manual modification |
<batch_root>/examples/LGVCall.properties | Batch user password | Batch Wallet | Manual modification |
<batch_root>/examples/LgvLoop.properties | Batch user password | Batch Wallet | Manual modification |
<autovue_batch_root>/axalant/batch/vuelink.properties | Batch user password | Batch Wallet | Manual modification |
<office_pdf_root>/axalant/pdf/OfsPdf.properties | Batch user password | Batch Wallet | Manual modification |
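
An added example (not from Oracle's guide or the Agile e6 tooling): a Python check that can be run over the properties files listed above to confirm that every Batch user entry carries an encrypted token rather than clear text, and that no token was broken across lines. The token pattern and the `key=USER,PASSWORD,class` entry layout are inferred from the samples on this page and are assumptions; `BATCH_USER` and the sample file content are constructed.

```python
import base64
import re

MARK = "{PLM-AES-128}"
# Token shape inferred from the sample tool output on this page (an assumption,
# not a published format): MARK "RSA-PUBLIC-BASE64:" <base64> MARK <base64>
TOKEN_RE = re.compile(
    r"^\{PLM-AES-128\}RSA-PUBLIC-BASE64:([A-Za-z0-9+/]+={0,2})"
    r"\{PLM-AES-128\}([A-Za-z0-9+/]+={0,2})$"
)

def is_encrypted_token(value):
    """True if value has the token shape and both parts are valid base64."""
    m = TOKEN_RE.match(value.strip())
    if not m:
        return False
    try:
        for part in m.groups():
            base64.b64decode(part, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return True

def audit_properties(text):
    """Return (line_no, reason) for suspect key=USER,PASSWORD,class entries."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line[0] in "#!":  # blank line or properties comment
            continue
        _key, sep, value = line.partition("=")
        fields = value.split(",")
        if sep and len(fields) >= 3:
            # A clear-text password may itself contain commas.
            if not is_encrypted_token(",".join(fields[1:-1])):
                findings.append((line_no, "not-encrypted"))
        elif MARK in line:
            # Token cut by a line break; the entry must be one continuous line.
            findings.append((line_no, "token-fragment"))
    return findings

# Constructed sample input; the token payload is placeholder zero bytes.
a, b = (base64.b64encode(bytes(n)).decode() for n in (128, 32))
TOKEN = f"{MARK}RSA-PUBLIC-BASE64:{a}{MARK}{b}"
SAMPLE = (f"# PLM Client\nclient1=BATCH_USER,{TOKEN},com.agile.LGVCall\n"
          "client2=BATCH_USER,Secret,1,com.agile.LGVCall\n"
          "client3=BATCH_USER,{PLM-AES-128}RSA-PUBLIC-BASE64:AAAA\n")
if __name__ == "__main__":
    print(audit_properties(SAMPLE))
```

The check only validates the shape of the stored value; it does not decrypt anything and cannot tell whether a token was produced with the correct wallet.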