Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

RTC command line interface - password encryption

Folks,
   The documentation I've found so far is unclear and the forum searches provide answers that, while correct, are far too specific to provide a clear example of how password encryption works.  So, the question is this....

   How do I ... provide a userid/password one (1) time, ever, have it stored encrypted, and use it later for any script.

   To flip it around, I NEVER want to put a userid/password pair in clear text in ANY script.

   I am willing to create a cache, once (ever), ... but then want to always reference the cache from a script no matter how many times the script is run.

   The documentation and forum answers seem to hint that the first time a script is run, it must provide authentication in clear text and then subsequent commands can use the cache.

1 vote



4 answers

Permanent link
-You would use 'scm login --generatePasswordFile <path_to_file>' to first generate the password file.
-Then once generated, this file can be re-used at any time using 'scm login --password-file <path_to_file>'.

Note: This password file is encrypted, and thus we do not allow users to create it by 'hand' (which would defeat the purpose of encoding it in the first place).

0 votes


Permanent link
did you find any way to solve this issue until the Enhancement Request is implemented?

The -c option does not prevent the user to enter at least the password manually at the first login (which makes script automation useless) because it does no automatically takes the value from the repositories.txt file.

The other option of having a clear password with -P password means having to write a clear password and it goes against security policies.

Did you find any way to reference the repositories.txt file as the place to read the password from with the -P option of the lscm login command?

Thanks

-1 votes

Comments

We solved it by having a local file with the PWD - you can have it encrypted as well if you want.

We wrote a utility which handles the scm commands, so this utility first reads the PWD file and performs the login according to it.
The main thing we earn by this is if the user's PWD has changed, we dont need to re-compile our utility, since it is dynamic.
Not perfect, but better than changing it all the time. 


Permanent link
Hi Kevin,

Run "scm login" from a command prompt. "scm login" stores the credentials along with the repository url and repository id in a file named repositories.txt file which can be found under $HOME/.jazz-scm. These credentials (password is encrypted) will be maintained in the repositories.txt file until 'scm logout' command is run. So it would be available across different runs of your build script and hence you need not have to specify the credentials in your script. If your build script doesn't configure the CLI's configuration directory location (by setting the SCM_CONFIG_DIRECTORY environment variable or by specifying the --config command line option) then you can stop here else follow further. If your build script specifies the config directory location then copy the repositories.txt file found under $HOME/.jazz-scm to the config directory location specified in the build script.

Hope this helps!

Cheers,
Sridevi
RTC SCM CLI

2 votes

Comments

The need is to have an offline PWD file ready (like we create using JBE build engine) and use this file to login to scm as well  , otherwise it means during scm login command we must always type the password when executing a scm command the first time.

Is there a WorkItem enhancement for this or shall i submit one?


Permanent link
 Hi Kevin,  I believe the closest thing available at this time is explained in the following post which describes where the -c option on scm login stores the cached pwd. 
https://jazz.net/forum/questions/65727/using-quotscm-loginquot-command-with-c-option-cache-pw

At this time there isn't a way that I am aware of to store the login information to a file like the JBE does for continual re-use.  

1 vote

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Jun 11 '13, 10:56 a.m.

Question was seen: 9,789 times

Last updated: Oct 10 '18, 10:25 a.m.

Confirmation Cancel Confirm