Why does SCM continue to require a password after executing scm login?
Accepted answer
One other answer
Usage: scm login [options]
Options:
--certificate arg - The file that contains the user's login
certificate.
--smartCard - Uses the connected smart card for
authentication.
-c [--cache] - Caches the password on prompt.
-n [--nickname] arg - The nickname of the repository.
-P [--password] arg - The password for the repository.
-r [--repository-uri] arg - The URI that specifies the location of the
repository.
Comments
Thanks, Kevin
I have been using the -n and -r options.
So far, scm list, scm create workspace, scm load and scm status all require passwords after logging in with the -n option. Note that scm status does not allow a -r option so I guess it is to be expected that it always requires a password (though certainly it is annoying). The rest all allow a -r nickname option but still request a password. For example I will paste in a 'scm login' and a 'scm accept' command so you can see (I've changed the IDs and host names for security purposes):
> scm login -r https://rtc.example.com:9443/ccm -n mynickname -u myid@example.com
Password (myid@example.com @ https://rtc.example.com:9443/ccm):
Logged in to https://rtc.example.com:9443/ccm
>
> scm accept -r mynickname -v
Password (paulcnew@ca.ibm.com @ https://rtc.example.com:9443/ccm/):
Workspace unchanged.
Using -P ( on the login only ) as well ought to complete the picture. Of course, for scripting this can expose one's password to other users on certain systems.
Hi, again.
I tested your suggestion and it does work but exposes my intranet password in several places so this clearly is an insecure solution. Can you suggest a secure method of solving this problem with RTC?
thanks.
That discussion has been made before. There is no perfectly secure way. You could digest the password and save the digest and when needed un-digest the password on the fly. But if any other individual can access that same machine they would likely also have access to any tooling used to try to obfuscate the password.
https://jazz.net/forum/questions/76303/encryption-of-passwords-in-teamserverproperties
Shows how one can do with jbe. There's not (as far as I'm aware) a decription.
Thanks. My immediate concern is that interactive usage puts my password on my screen and into my command history file. It seems like it may be a bug that scm behaves differently depending on whether the password was obtained from the command line or obtained with a read system call. In either case scm should be able to associate my nickname and my password.
If there is no solution to this problem, can you please direct me to the bug reporting system for RTC?
I am also wondering if there is a reason why scm status does not have a -r option. command. It is a commonly used command and having to enter the password every time is inconvenient.
Thanks again for your assistance.