Passwords

This Section details the Update Password Utility and password encryption in CA Business Service Insight.

This section contains the following topics:

Update Password Utility

The Update Password utility modifies passwords in CA Business Service Insight services, the CA Business Service Insight COM+ engine and Oracle DB.

Because passwords in database connection strings are encrypted in CA Business Service Insight version 8.2, it is difficult to update passwords in multiple configuration files. This makes it inconvenient to update passwords manually.

The utility:

Updates passwords for database connections
Updates Data Sources (TNS name)
Updates passwords of services
Updates COM+ passwords

Run the program after changing at least one of the following passwords:

Windows password.
When a user changes the windows password, run ‘Update Password’ Utility program and enter the new password. The program modifies the services account, passwords and COM+ engine credentials according to the password the user enters. Only CA Business Service Insight services which use the user account credentials (not ‘Local system’ account) is changed.
Oracle credentials.
The Password Update utility provides the user with the ability to change the Oracle DB password for each of the various database users used by CA Business Service Insight:
- Sla
- Mtn
- Csl
- Edr
- Psl
- Rpt
- Obl
Note: When a user changes:
- The Obl (oblicore) password, two additional files are also changed:
  - oblisync-ds.xml
  
  - ace2-ds.xml.
- The CA Business Service Insight user, this file also changes:
  - DBSource.properties

Notes:

The JBoss password updates when the Obl password updates.
The SMI password updates when the CA Business Service Insight password updates.
The Update Password utility doesn’t update passwords of services running with account LocalSystem.

Using the Update Password Utility

Follow these steps:

Run the Password Utility from %OG_HOME%\Utilities\PassUpdate\PassUpdate.exe
The update password utility dialog opens. It lists all the connection string names and the users.
On the Database tab, click the Change button at the top to modify the data source (Oracle TNS names). Enter the new data source The utility modifies the TNS name in all configuration files.
Click the button (...) next to the name of any connection string to open the update dialog.
You can enter a new password and/or user name for that connection string.
1. Click update to update the user name and/or password.
To apply the password to all users, click the checkbox "Apply password to all users" before opening the update dialog.
The utlity updates the password for all users when changed.
Insight Connection String. Update this for SMI components.

The pane in the Services tab lists all CA Business Service Insight services that are running in accounts other than localsystems.

Note: The utility does not update passwords with account localsystem.

Click the Services tab to open it.
Enter the Username and password for the account.
Click Change Password.
The password updates for all services. The utility then restarts the services.

Note: The utility simultaneously updates the password for the COM+ engine.

Password Hiding / Encryption

Password Hiding / Encryption prevents others from seeing the passwords entered on the Web UI.

Previously, passwords in database connection strings were visible as plaintext in the Web UI. The result was that passwords were visible to anybody who opened the web page. Password encryption "hides" passwords by displaying them only in an encrypted format.

Passwords are no longer visible as plaintext. Instead, we use a password placeholder (${PWD}) for the password in database connection strings.

Note: The password placeholder is hardcoded; users cannot modify it.

The password now displays in a text box as “.” and password confirmation is still required.

Connection string builders automatically extract passwords from a connection string.

These areas use password encryption:

Connection strings in SQL Adapters
Connection string segments in SQL Adapters
Query Builder in SQL Adapters
Test connection strings in SQL adapters
Connection strings in Free-Form reports
Connection strings in Date Loading Forms

Password Encryption Locations

Passwords are encrypted in these locations:

Registry.xml file
%OG_HOME%\bin\Registry.xml
- Sla
- Mtn
- Csl
- Edr
- Psl
- Rpt
- Obl
- Dash
An encrypted password string generally looks like this.
%OG_HOME%\Tomcat\conf\DBSource.properties
If the property “encrypt” is set to “Y”, SMI treats passwords as encrypted text.

JBOss.

Oblisync and ACE2 run in JBoss. Passwords are encrypted in the configuration file..

%OG_HOME%\standalone\configuration\standalone-full-Oblisync.xml 
%OG_HOME%\standalone\configuration\standalone-full-ACE2.xml
<security>
    <security-domain>encrypted-oblisync-defaultds</security-domain>
</security>
 
<security-domain name="encrypted-oblisync-defaultds" cache-type="default">
    <authentication>
        <login-module code="org.picketbox.datasource.security.SecureIdentityLoginModule" flag="required">
            <module-option name="username" value="obl" />
            <module-option name="password" value="2f34371127b18a0b" />
        </login-module>
    </authentication>
</security-domain>

Password Hiding (Encryption)

You can use three methods to create connection strings.

The connection string builder
The connection string template
Write connection string manually (no instructions provided).

Connection String Builder

Follow these steps:

Go to Design, Data Acquisition, Adapters.
Click Add New.
The adapter Wizard displays.
Fill in the required parameters (marked with an asterisk *) and click Next to go to the Connection step.
The connection step opens.
Select the Database Type.
Click "Set Connection string".
The Data Link Properties dialog displays.
Select the OLE DB Provider(s) and click Next.
The Connection Tab displays.
Fill in the required information.
Click Test Connection and click OK.

Connection String Template

Follow these steps:

Go to Design, Data Acquisition, Adapters.
Click Add new.
The adapter Wizard displays.
Fill in the required parameters (marked with an asterisk *) and click next to go to the Connection step.
The connection step dialog opens.
Select the Database Type.
Click Select from Template.
The Data Source Template dialog displays.
Select the appropriate template (Oracle) and click OK.
The information displays in the Connection string text box and in the password fields.
Replace the general template information (such as "Source=MyTNSAliasName" and "UserId=MyUsername") with the correct information.
Enter the password into the password and password verification fields.
Test the connection.

Connection String Locations

These location on the CA Business Service Insight menu contain connection strings.

Adapters

Design\Data Acquisition\Adapters\Add New\SQL Adapter\Next\connection string
Design\Data Acquisition\Adapters\Add New\SQL Adapter\Next\Adavanced\Connection String Segments\Add segment\segment details
Design\Data Acquisition\Adapters\Add New\SQL Adapter\Next\Next\Open Query Builder\Query builder in adapter
Design\Data Acquisition\Adapters\Add New\SQL Adapter\Next\Next\Advanced\Test Connection String\test connection string

Data Loading Forms

GUI Path:

Design\Data Acquisition\Data Loading Forms\Add New\Drag "DropDownItems"\Properties\Items\"Collection" Button\Select Items from Data Source\select data source\Data Source Config Wizard

Free-Form Reports

Reports\Report Folders\Add New\Free-Form Report\connection string and parameters
If you want to use the password in parameters for connection string, the token for password in parameter must be used in connection string.
Reports\Report Folders\Add New\Free-Form Report\Open Query Builder\query builder