  1. In morphString.properties, set the encrypt.key entry to a random alphanumeric string, or to the pathname of a file containing that string.
  2. In sources.xml and grouper.hibernate.properties, encrypt the passwords with:

    Windows:

    C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6


    Unix:

    /opt/grouper-qs-1.2.0/grouper>java -jar lib/morphString.jar
    Enter the location of morphString.properties: conf/morphString.properties
    Type the string to encrypt (note: pasting might echo it back):
    The encrypted string is: ede9aa3fe38e68d811107f886a941cc6



  3. Put the result in a file, and put that file's path where the password was in sources.xml or grouper.hibernate.properties (the absolute file path must contain a slash).

    Windows:

    hibernate.connection.password = c:/pass/myGrouper/mySource.pass



    Unix:

    hibernate.connection.password = /opt/pass/myGrouper/mySource.pass

    Note: an absolute path is required. The configuration will use the "/" directory delimiter to distinguish between an external file reference and a literal password string.

Example

For example, here is my morphString.properties:

    # Put a random alphanumeric string (case sensitive) for the password encryption. e.g. fh43IRJ4Nf5
    # or put a filename where the random alphanumeric string is. e.g. c:/whatever/key.txt
    encrypt.key = C:/mchyzer/isc/dev/grouper/grouperDecryptKey.txt
    # set this to true if you have slashes in your passwords and don't want to look in external files
    encrypt.disableExternalFileLookup = false

The file C:/mchyzer/isc/dev/grouper/grouperDecryptKey.txt contains a key like: fur43MD2kl

Then I take my db password from sources.xml and grouper.hibernate.properties, and I encrypt it like this (note, there are two ways to do it: the default, which masks the input [though kind of shady due to Java], and one that doesn't mask, in case masking has problems... note both show the same output):

C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar
Enter the location of morphString.properties: conf/morphString.properties
Type the string to encrypt (note: pasting might echo it back):
The encrypted string is: 2aac86f12aexxxxxx81144b5b1e4ba

C:\mchyzer\isc\dev\grouper-qs-1.2.0\grouper>java -jar lib\morphString.jar dontMask
Enter the location of morphString.properties: conf/morphString.properties
Type the string to encrypt (note: pasting might echo it back): test
The encrypted string is: 2aac86f12aexxxxxx81144b5b1e4ba

Then write that encrypted string to the password file, in my case:
C:/mchyzer/isc/dev/grouper/grouperLocalPass.txt

And in grouper.hibernate.properties and sources.xml, replace the password with that file location:

hibernate.connection.password = C:/mchyzer/isc/dev/grouper/grouperLocalPass.txt

<init-param>
<param-name>dbPwd</param-name>
<param-value>C:/mchyzer/isc/dev/grouper/grouperLocalPass.txt</param-value>
</init-param>

    This requires morphString.jar.

The LDAP source adapter supports encrypted passwords as of version 2.1.0 (4 years later).

For example, ldap.properties may contain:

edu.vt.middleware.ldap.bindDn=cn=Manager,dc=example,dc=edu
edu.vt.middleware.ldap.bindCredential=/grouper.apiBinary/conf/ldap.pwd

Where ldap.pwd contains the encrypted password.

grouper.apiBinary> java -jar lib/grouper/morphString.jar
Enter the location of morphString.properties: conf/morphString.properties
Type the string to encrypt (note: pasting might echo it back):
The encrypted string is: l3hr1pI0A+Dd6HP/5BUCDw==

grouper.apiBinary> echo l3hr1pI0A+Dd6HP/5BUCDw== > ldap.pwd
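
The slash rule and the password-file layout described above can be checked mechanically; the following is an added example (not part of the original page or of Grouper) that reads a properties file and reports whether each password entry is an inline string, a path to a missing file, or a file accessible beyond its owner. The function names, the `INLINE`/`MISSING`/`LOOSE_PERMS` labels, the simplified properties parsing and the POSIX permission check are assumptions of this example, and the sample configuration is constructed.

```python
import os
import stat
import tempfile

# Keys that appear on this page; extend for other password-bearing entries.
PASSWORD_KEYS = ("hibernate.connection.password",
                 "edu.vt.middleware.ldap.bindCredential")

def read_properties(path):
    """Minimal key=value reader (no line continuations or escapes)."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if line and not line.startswith(("#", "!")) and "=" in line:
                key, value = line.split("=", 1)
                props[key.strip()] = value.strip()
    return props

def classify(value):
    """Apply the slash rule, then check the referenced file (POSIX mode bits)."""
    if "/" not in value:
        return "INLINE"       # literal string kept directly in the config file
    if not os.path.isfile(value):
        return "MISSING"      # has a slash but is not a file, e.g. base64 text
    if os.stat(value).st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return "LOOSE_PERMS"  # group or other can access the password file
    return "OK"

def audit(path, keys=PASSWORD_KEYS):
    """Map each password key present in the file to its finding."""
    props = read_properties(path)
    return {k: classify(props[k]) for k in keys if k in props}

def demo():
    """Constructed sample config; returns the findings for it."""
    with tempfile.TemporaryDirectory() as d:
        pw = os.path.join(d, "mySource.pass")
        with open(pw, "w", encoding="utf-8") as fh:
            fh.write("ede9aa3fe38e68d811107f886a941cc6\n")
        os.chmod(pw, 0o600)
        conf = os.path.join(d, "sample.properties")
        with open(conf, "w", encoding="utf-8") as fh:
            fh.write(f"hibernate.connection.password = {pw}\n"
                     "edu.vt.middleware.ldap.bindCredential=l3hr1pI0A+Dd6HP/5BUCDw==\n")
        return audit(conf)

if __name__ == "__main__":
    print(demo())
```

A `MISSING` result for a value such as a base64 string containing `/` is worth a manual look, since the page's note says a slash marks the value as an external file reference.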