Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Encryption of passwords in teamserver.properties

Questions
Tags
Users
Badges
Anthony Kesterton
JAZZ DEVELOPER (7.5k9180136) May 03 '12, 4:28 p.m.
Hi all

The teamserver.properties file contains a database user password. What technique/method is used to encrypt this password? The security team at my customer wants to know.

thanks

anthony

0 votes

5 answers
11,214 views
0 votes

Accepted answer

Permanent link
Kunal Doddanavar
(45222732) Jun 25 '15, 3:14 a.m.
 Hi,
     The original password is passed through a Data Encryption Standard (DES) algorithm and is then passed through a base64 algorithm before being written to the teamserver.properties file.

- Kunal
Ralph Schoon selected this answer as the correct answer

2 votes

4 other answers

Permanent link
Ken Green
(6133) May 15 '12, 1:44 p.m.
Hi all

The teamserver.properties file contains a database user password. What technique/method is used to encrypt this password? The security team at my customer wants to know.

thanks

anthony


Can someone answer this: We don't necessarily need to know the encryption/encoding method because it would be unsafe to publish that information; however, does RTC contain a tool similar to the WAS PropFilePasswordEncoder that we can use to encode the passwords in the teamserver.properties files from the command line?

This would be extremely helpful because we have to change passwords every 90 days. It is easier to edit the teamserver.properties file rather than change passwords in the UI. After editing passwords (in the clear) in the teamserver.properties file, we would like to run a command line tool to encode the passwords.

Thanks.

0 votes

Permanent link
Ken Green
(6133) May 23 '12, 4:30 p.m.
If you install the Jazz build engine toolkit, then the jbe executable can be used to encode a password. The jbe uses the same encoding which is valid for the teamserver.properties file.

From RTC Help:
    1. From a command line, navigate to installdir/buildsystem/buildengine/eclipse, where installdir is the Build System Toolkit installation directory.
    2. Type jbe -createPasswordFile pass.txt. Note: pass.txt can be any file name.
    3. When prompted, type the password. The password is encrypted and stored in a pass.txt file that is located in the Build System Toolkit installation directory.

Then...
    1. Copy the contents of the pass.txt file and assign it to the password property in the teamserver.properties file.
    2. Enclose the value in square brackets .
    3. And finally add an escape (backward slash) before each trailing =. For example == becomes \=\=.

Works for me!

0 votes

Comments
Mallikarjuna Manoj Kandala
Jul 31 '24, 3:25 a.m.

We tried this method, and it is not working for us.

The encrypted password we see when we update the password in the admin UI and the encrypted we are getting in the text file seems to be different too.

Ralph Schoon
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jul 31 '24, 3:49 a.m.

Do not comment on 12 year old answers.

If you have a question, ask your own question - you can refer to other questions by providing a link. 


Also see the guidelines: https://jazz.net/forum-guidelines.jsp 

Permanent link
Ravikanth Chavali
(401824) edited
Dec 24 '14, 3:27 p.m.
 

Approach 2 to change the userid/password after expiry:

1. Try opening publicURI/jts/setup & publicURI/ccm/setup and skip to the step number by overtyping the step number on URL and give the userid and password > Test connection > Next to save the setting.

2. Logon to publicURI/jts/admin & publicURI/ccm/admin > Server > Advanced properties > edit userid and password for dataWareHouse and save the settings. 

Note: when we try the URL we might get 400, refresh a couple of times and we landed on the login page.

0 votes

Permanent link
Lonnie VanZandt
(88717) Sep 01 '16, 12:44 p.m.
 I am attempting to script the silent installation of Jazz with DB2 and I need a scriptable way to store the proper password string into the teamserver.properties files. The jbe utility isn't available and running the Setup UI to collect its generated teamserver.properties files isn't an option.

Because those DB2 passwords should match the Unix login passwords for the selected DB2 user accounts, these teamserver.properties SHOULD store strings constructed using the MD5 algorithm. The values could be generated using the openssl tool: 
> openssl passwd -1 db2inst1
$1$EkV/dJFe$WtUzB9wboZm2R8WbQJ4Ho1
(Windows servers would need values generated according to however Windows encrypts its passwords.)

0 votes

Comments
Donald Nong
Sep 01 '16, 9:19 p.m.

Just curious, why did you say teamserver.properties should store an MD5 string?

Lonnie VanZandt
Sep 01 '16, 10:06 p.m.

 Well, currently, it seems to accept either plaintext (when used as an input before the repotools_jts setup operation) or a custom-encrypted value (when stored as a runtime parameter after the setup operation).


Ideally, it would never appear in plaintext and it would be conveniently stored as the same value as is used for the user account -- because DB2 uses the underlying OS login authentication for its password management.

Now, Unix systems use that MD5 Algorithm 1 as their crypt algorithm for user accounts.

Together these imply that the value in the properties file for the password would be the MD5 string I suggested.

If not, where did I make a mistake in my reasoning?

Donald Nong
Sep 09 '16, 2:09 a.m.

Oracle password does not rely on the OS, and yet, its encrypted form is stored in teamserver.properties file. How do you deduce this?

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: May 03 '12, 4:28 p.m.

Question was seen: 11,214 times

Last updated: Jul 31 '24, 3:49 a.m.

Confirmation Cancel Confirm