LDAP server = CA DXserver r12.0 (build 6484) Linux/DXgrid 64-Bit
I am trying to edit the userPassword attribute in the users section. I am able to enter a new SSHA password and also verify it. Once entered the userPassword shows as SSHA Hashed Password as expected.
However while editing, if I choose a SSHA-256 / SSHA-384 or a SSHA-512 as the hash method, the userPassword attribute shows as a SHA Hashed Password and the password verification also fails.
I am using Apache Directory Studio eclipse plugin for testing this out.
Is there any other configuration that is required at the LDAP server level to make this work?
Thanks in Advance
Charlie
Usually, the password hashing algorithm is configured on the server side. The server will either accept a password already hashed with the appropriate algorithm, or will hash using its configured algorithm any password that it considers as not hashed. My guess is that CA server doesn't recognize the SSHA-2 hashed passwords as properly hashed. This said, I don't have experience with CA Directory specifically.
Related
So I have a password that my password manager overwrote, and I self host the server (NextCloud) and I would like to know if it is possible to revert the hashed password with the salt key I have, I heard NextCloud uses Argon2i when using PHP 7.0 and later (and I'm running PHP 7.0 or later) so is it possible to revert my password back to it's original state and put it back into the password manager (Sorry I'm a bit of a noob when it comes to dehashing/decrypting passwords because I've never needed to dehash/decrypt my passwords before)
Edit: If I were to provide my argon'd password, could someone crack it or better yet tell me how to crack it, based on the mysql database it seems to have the parameters used to make the password by argon (probably to de-argon it to check if the password is actually correct)
This is a very specific solution but in the event that you are using nextcloud and you have access to the account when losing your password, just download all the files, make a new account and upload them to that account and delete the old account
Our application server (Apache Tomcat Plume) that use jta-managed data source through tomee.xml file should access database server just in secure (HTTPS) mode with two way ssl or client authentication.
So we have to put keystore and truststore plain passwords into setenv.sh or other places in row format. (I m not sure that is the first and last method to do that?) and what happens is tomcat logging mechanism log all these secret information in plain format into log files like catalina.out.
That what (locating raw passwords in config files) is we do not want. Actually we must ( although it s not appear a big threaten while user have access to files, could find real password atleast), encrypt password and use it in environment variables.
Central Question
In other word, how can we set jvm properties and environment variables in encrypted mode?
Re: Hide or disable Tomcat command line arguments logging (the title of this question)
This logging is done by VersionLoggerListener it is possible to configure it, or just remove it from configuration (server.xml).
Re: plaintext passwords handling
This is covered in Tomcat FAQ.
A Vault can be used to store secrets.
Sorry for my bad English, but if you can help my it will be great.
I have couple of file system over my network and every night I need to take one file from another file system to mine.
for that to happen i'm using a Batch script how mapping me the drive with net use command.
my problem is that i don't want the password will go through clear text
( To see my password or to sniff it).
my questions is :
there is any way that i can encrypt my password and still login with the same credentials.
Thank You
If you can set up a Domain controller using either one of your Windows machines, or Samba, then you could use Trusted authentication based on the user executing the scheduled job that executes the batch file.
Alternately, you could encrypt the password and have a program decrypt it and execute the net use, but you're always* going to be faced with the fact that if your computer can send the password out when you don't type it in, then your computer knows your password, and anyone with physical access to that computer can get your password.
*Unless your computer doesn't know the password, and instead relies on an HSM (Hardware Security Module).
I had the same thing but found a nice workaround.
The passwords are not stored in DOS so I went from the run menu and simply typed the name of the path like "\server\files".
When it asked for credentials I ticked the checkbox "Save credentials"
The password will then be stored in your Windows Credential Manager (control panel) and this way your dos batch file fwill always now the password.
If you natively encrypt an SSIS package using Encrypt all with password (EncryptAllWithPassword), identified from MS as: "Uses a password to encrypt the whole package. The package is encrypted by using a password that the user supplies when the package is created or exported. To open the package in SSIS Designer or run the package by using the dtexec command prompt utility, the user must provide the package password. Without the password the user cannot access or run the package." Does this mean that all data WITHIN the package is also encrypted? Or just the surrounding package and how it is trasmitted?
The reason I am asking is, I am relatively new to SSIS and my client is being extremely careful with how their data is sent over the internet. If I create an SSIS package and set the protection level to Encrypt All With Password, can I safely say that everything in that package is secure until it's run with the proper password? Or do I need to take a different approach.
Encrypt all data with password - uses an arbitrary password provided by the package designer to encrypt entire package content, applying Triple DES cipher algorithm. The password is required in order to open, import, export, or execute the package. Since its content is obfuscated, attempting to view it directly does not provide any meaningful insight into its structure.
http://www.databasejournal.com/features/mssql/article.php/3898676/Securing-the-Content-of-SSIS-Packages.htm
Encryption levels are described in this article.
Encrypting all with password protects both connection strings, passwords, and database schema (all the package is encrypted), so it's save to use this option with sensitive data.
Encrypting with user key might be slightly better as keys are generally longer than passwords, but in practice just use the method that is more convenient.
What crypto algorithm would I use to generate the passwords within a htpasswd file?
I'm running a Visual basic program and using an ftp server to FTP up client files. Im creating new directories for each client and want to add some password protection to each clients directory (for http access).
The server runs apache on linux.
What I've read is that apache uses a slightly modified version of MD5, as well as the systems base "crypt" method. This page: http://httpd.apache.org/docs/current/programs/htpasswd.html#security seems to say that I can use one of several algorithms. I guess at the moment I am confused as to how it chooses with encryption to use.
yes, it's possible. Apache can recognise different encryptions by the salt that preceeds it
The algorithm is chosen by the first sub-field of the password field. A typcial htpasswd file entry looks like this:
ralph:$1$abcd1234$Kx528z52Ohx1JLSzliZmw0
By field:
ralph is the user name
1 is the hash algorithm identifier. 1=md5, 5=sha-256, 6=sha-512
abcd1234 is the salt (not very salty here, usually generated via some pseudo-random technique)
Kx528z52Ohx1JLSzliZmw0 is the hash.
A one-line python command to create the hash using the password and salt as inputs is:
python -c "import crypt, getpass, pwd; print crypt.crypt('password', '\$1\$abcd1234\$')"
DISCLAIMER: This answer largely lifted from slm on another forum after <5 minutes of research.