It's all about the answers!

Ask a question

Encryption of passwords in teamserver.properties


Anthony Kesterton (7.5k9180136) | asked May 03 '12, 4:28 p.m.
JAZZ DEVELOPER
Hi all

The teamserver.properties file contains a database user password. What technique/method is used to encrypt this password? The security team at my customer wants to know.

thanks

anthony

Accepted answer


permanent link
Kunal Doddanavar (45222732) | answered Jun 25 '15, 3:14 a.m.
 Hi,
     The original password is passed through a Data Encryption Standard (DES) algorithm and is then passed through a base64 algorithm before being written to the teamserver.properties file.

- Kunal
Ralph Schoon selected this answer as the correct answer

4 other answers



permanent link
Ken Green (6133) | answered May 15 '12, 1:44 p.m.
Hi all

The teamserver.properties file contains a database user password. What technique/method is used to encrypt this password? The security team at my customer wants to know.

thanks

anthony


Can someone answer this: We don't necessarily need to know the encryption/encoding method because it would be unsafe to publish that information; however, does RTC contain a tool similar to the WAS PropFilePasswordEncoder that we can use to encode the passwords in the teamserver.properties files from the command line?

This would be extremely helpful because we have to change passwords every 90 days. It is easier to edit the teamserver.properties file rather than change passwords in the UI. After editing passwords (in the clear) in the teamserver.properties file, we would like to run a command line tool to encode the passwords.

Thanks.

permanent link
Ken Green (6133) | answered May 23 '12, 4:30 p.m.
If you install the Jazz build engine toolkit, then the jbe executable can be used to encode a password. The jbe uses the same encoding which is valid for the teamserver.properties file.

From RTC Help:
    1. From a command line, navigate to installdir/buildsystem/buildengine/eclipse, where installdir is the Build System Toolkit installation directory.
    2. Type jbe -createPasswordFile pass.txt. Note: pass.txt can be any file name.
    3. When prompted, type the password. The password is encrypted and stored in a pass.txt file that is located in the Build System Toolkit installation directory.

Then...
    1. Copy the contents of the pass.txt file and assign it to the password property in the teamserver.properties file.
    2. Enclose the value in square brackets .
    3. And finally add an escape (backward slash) before each trailing =. For example == becomes \=\=.

Works for me!

Comments
Mallikarjuna Manoj Kandala commented Jul 31, 3:25 a.m.

We tried this method, and it is not working for us.

The encrypted password we see when we update the password in the admin UI and the encrypted we are getting in the text file seems to be different too.


Ralph Schoon commented Jul 31, 3:49 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Do not comment on 12 year old answers.

If you have a question, ask your own question - you can refer to other questions by providing a link. 


Also see the guidelines: https://jazz.net/forum-guidelines.jsp 


permanent link
Ravikanth Chavali (401824) | answered Dec 24 '14, 3:25 p.m.
edited Dec 24 '14, 3:27 p.m.
 

Approach 2 to change the userid/password after expiry:

1. Try opening publicURI/jts/setup & publicURI/ccm/setup and skip to the step number by overtyping the step number on URL and give the userid and password > Test connection > Next to save the setting.

2. Logon to publicURI/jts/admin & publicURI/ccm/admin > Server > Advanced properties > edit userid and password for dataWareHouse and save the settings. 

Note: when we try the URL we might get 400, refresh a couple of times and we landed on the login page.


permanent link
Lonnie VanZandt (88717) | answered Sep 01 '16, 12:44 p.m.
 I am attempting to script the silent installation of Jazz with DB2 and I need a scriptable way to store the proper password string into the teamserver.properties files. The jbe utility isn't available and running the Setup UI to collect its generated teamserver.properties files isn't an option.

Because those DB2 passwords should match the Unix login passwords for the selected DB2 user accounts, these teamserver.properties SHOULD store strings constructed using the MD5 algorithm. The values could be generated using the openssl tool:
> openssl passwd -1 db2inst1
$1$EkV/dJFe$WtUzB9wboZm2R8WbQJ4Ho1
(Windows servers would need values generated according to however Windows encrypts its passwords.)


Comments
Donald Nong commented Sep 01 '16, 9:19 p.m.

Just curious, why did you say teamserver.properties should store an MD5 string?


Lonnie VanZandt commented Sep 01 '16, 10:06 p.m.

 Well, currently, it seems to accept either plaintext (when used as an input before the repotools_jts setup operation) or a custom-encrypted value (when stored as a runtime parameter after the setup operation).


Ideally, it would never appear in plaintext and it would be conveniently stored as the same value as is used for the user account -- because DB2 uses the underlying OS login authentication for its password management.

Now, Unix systems use that MD5 Algorithm 1 as their crypt algorithm for user accounts.

Together these imply that the value in the properties file for the password would be the MD5 string I suggested.

If not, where did I make a mistake in my reasoning?


Donald Nong commented Sep 09 '16, 2:09 a.m.

Oracle password does not rely on the OS, and yet, its encrypted form is stored in teamserver.properties file. How do you deduce this?

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.