When you install more than one Enterprise Management Server, each server uses its own encryption key to encrypt and decrypt data in the central database. If your environment uses multiple Enterprise Management Servers to write data to and read data from a single central database, every server must use an identical encryption key.
Important! Complete the following steps only if, when you installed the secondary Enterprise Management Server, you did not use the -DFIPS_KEY option to specify the FIPS key that the primary Enterprise Management Server uses.
To configure the servers to use an identical encryption key
JBoss_HOME/server/default/deploy/IdentityMinder.ear/config/com/netegrity/config/keys
A message appears informing you that files by that name exist.
The new files are placed in the directory. Each Enterprise Management Server now uses an identical encryption key.
JBoss_HOME/server/default/conf/login-config.xml
JBoss_HOME/server/default/deploy/properties-service.xml
The primary and secondary Enterprise Management Servers now encrypt and decrypt data with an identical encryption key.
Example: Encrypted AES Password
The following snippet of the login-config.xml file shows an encrypted AES password:
<application-policy name="imobjectstoredb">
  <authentication>
    <login-module code="com.netegrity.jboss.datasource.PasswordEncryptedLogin" flag="required">
      <module-option name="userName">user1</module-option>
      <module-option name="password">{AES}:/lxnvWwAEcYhSmOu3YT3ow==</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:name=jdbc/objectstore,service=NoTxCM</module-option>
    </login-module>
  </authentication>
</application-policy>
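One way to confirm the result, as an added example that is not CA tooling: the script compares SHA-256 digests of the files in the two servers' keys directories without printing key bytes, and lists the login-config.xml policies whose password uses the {AES}: form shown above. The function names are hypothetical, and the directories are assumed to be reachable from one host (for example, as read-only mounts).

```python
import hashlib
import sys
import xml.etree.ElementTree as ET
from pathlib import Path


def digest_tree(keys_dir):
    """Map each file's relative path to its SHA-256; key bytes are never printed."""
    root = Path(keys_dir)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_key_dirs(primary_dir, secondary_dir):
    """Return {relative path: problem} for every file not identical on both servers."""
    primary, secondary = digest_tree(primary_dir), digest_tree(secondary_dir)
    problems = {}
    for name in sorted(primary.keys() | secondary.keys()):
        if name not in secondary:
            problems[name] = "missing on secondary"
        elif name not in primary:
            problems[name] = "missing on primary"
        elif primary[name] != secondary[name]:
            problems[name] = "content differs"
    return problems


def aes_password_policies(login_config_xml):
    """List (policy name, userName) pairs whose password option uses the {AES}: form."""
    found = []
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        # strip() tolerates whitespace or line wraps around the option value
        options = {o.get("name"): (o.text or "").strip() for o in policy.iter("module-option")}
        if options.get("password", "").startswith("{AES}:"):
            found.append((policy.get("name"), options.get("userName")))
    return found


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: PRIMARY_KEYS_DIR SECONDARY_KEYS_DIR [LOGIN_CONFIG_XML]")
    issues = compare_key_dirs(sys.argv[1], sys.argv[2])
    for name, problem in issues.items():
        print(f"{name}: {problem}")
    if len(sys.argv) > 3:
        for policy, user in aes_password_policies(Path(sys.argv[3]).read_text()):
            print(f"{{AES}} password in policy {policy} (user {user})")
    sys.exit(1 if issues else 0)
```

The script exits with a non-zero status when any key file is missing or differs, so it can gate a deployment check.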
Copyright © 2013 CA Technologies.
All rights reserved.