It's all about the answers!

Ask a question

Why does SCM continue to require a password after executing scm login?


Paul Newman (133) | asked Dec 03 '13, 2:30 p.m.
retagged Dec 13 '13, 2:33 p.m. by David Lafreniere (4.4k7)
we are using RTC 4.0.0.1. All of the SCM commands I have tried request my password to complete. This is true even though I have logged in using the SCM login command. Is there any procedure I can use to prevent every command requesting a password after each command is entered?

Accepted answer


permanent link
Shashikant Padur (4.0k27) | answered Dec 03 '13, 10:21 p.m.
JAZZ DEVELOPER
Use the -c/--cache option to cache the password. It will cache the password after the user has entered the password.
scm login -r https://repoUri -u userName -n repoNickName -c
Geoffrey Clemm selected this answer as the correct answer

Comments
Paul Newman commented Dec 04 '13, 3:28 p.m. | edited Dec 08 '13, 10:00 a.m.

That's it! thanks, Shashikant.

One other answer



permanent link
Kevin Ramer (4.4k6158178) | answered Dec 03 '13, 2:35 p.m.
edited Dec 03 '13, 2:35 p.m.
Use the -n flag when you do the scm login, then use the value you used for -n for -r on subsequent scm actions.

Usage: scm login [options]


Options:
  --certificate arg          - The file that contains the user's login
                               certificate.
  --smartCard                - Uses the connected smart card for
                               authentication.
  -c [--cache]               - Caches the password on prompt.
  -n [--nickname] arg        - The nickname of the repository.
  -P [--password] arg        - The password for the repository.
  -r [--repository-uri] arg  - The URI that specifies the location of the
                               repository.



Comments
Paul Newman commented Dec 03 '13, 3:11 p.m.

Thanks, Kevin
I have been using the -n and -r options.

So far, scm list, scm create workspace, scm load and scm status all require passwords after logging in with the -n option. Note that scm status does not allow a -r option so I guess it is to be expected that it always requires a password (though certainly it is annoying). The rest all allow a -r nickname option but still request a password. For example I will paste in a 'scm login' and a 'scm accept' command so you can see (I've changed the IDs and host names for security purposes):
> scm login -r https://rtc.example.com:9443/ccm -n mynickname -u myid@example.com
Password (myid@example.com @ https://rtc.example.com:9443/ccm):          
Logged in to https://rtc.example.com:9443/ccm
>
> scm accept -r mynickname -v
Password (paulcnew@ca.ibm.com @ https://rtc.example.com:9443/ccm/):          
Workspace unchanged.


Kevin Ramer commented Dec 03 '13, 3:13 p.m. | edited Dec 03 '13, 3:39 p.m.

Using -P ( on the login only ) as well ought to complete the picture.  Of course, for scripting this can expose one's password to other users on certain systems.


Paul Newman commented Dec 03 '13, 4:01 p.m.

Hi, again.
I tested your suggestion and it does work but exposes my intranet password in several places so this clearly is an insecure solution. Can you suggest a secure method of solving this problem with RTC?

thanks.


Kevin Ramer commented Dec 03 '13, 4:09 p.m. | edited Dec 03 '13, 4:12 p.m.

That discussion has been made before.  There is no perfectly secure way.  You could digest the password and save the digest and when needed un-digest the password on the fly.  But if any other individual can access that same machine they would likely also have access to any tooling used to try to obfuscate the password.

https://jazz.net/forum/questions/76303/encryption-of-passwords-in-teamserverproperties

Shows how one can do with jbe.  There's not (as far as I'm aware) a decription. 


Paul Newman commented Dec 03 '13, 4:59 p.m.

Thanks. My immediate concern is that interactive usage puts my password on my screen and into my command history file. It seems like it may be a bug that scm behaves differently depending on whether the password was obtained from the command line or obtained with a read system call. In either case scm should be able to associate my nickname and my password.

If there is no solution to this problem, can you please direct me to the bug reporting system for RTC?

I am also wondering if there is a reason why scm status does not have a -r option. command. It is a commonly used command and having to enter the password every time is inconvenient.

Thanks again for your assistance.

Your answer


Register or to post your answer.