To use certain features of APS, specifically the LDAP Rebind and Write back features, the APS Configuration File must contain an LDAP administrator's password. Putting this in the file in clear text may be considered a security problem at some sites.
APS will read the password setting from the file. If the value of the setting is encrypted, APS will decrypt it before use. If the setting is not encrypted, it will be used as the administrator password verbatim.
The APSEncrypt utility will take a password on the command line, encrypt it and output it to the screen. It can then be cut and pasted into the APS Configuration File. Thus, LDAP administrator passwords will not appear in the configuration file in clear text.
Note that such encryption is only supported within the APS Configuration File. It is not supported by command line utilities.
There is no command line utility to decrypt resulting values.
|
Copyright © 2014 CA.
All rights reserved.
|
|