Forum Discussion

NBU_13's avatar
NBU_13
Level 6
10 years ago

vcsencrypt password for generic resource in VCS

Hi,

I have query.

I installed and configured SFHA for application server, this application server has 5 services, which is running with same user name and password under service manager.

I have configured the Generic resource for each services, however, the password is not encrypted in resource attributes. So I have used vcsencrypt utility to create the encryted password and plan to update in main.conf file.

if we run vcsencrypt utility with password same as XXXXX for number of times, each time it is giving different encrpted password.

My question is I have run vcsencrypt utility with password same as XXXXX, only one time and use the same encrypted password for all the 5 generic resource attributes or need to run 5 times the vcsencrypt utility with password same as XXXXX and update the each generic resource with seperate encrypted password.

  • Hi NBU_13,

    You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

    Thank you,

    Wally

  • Hi NBU_13,

    You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

    Thank you,

    Wally

  • Hi NBU_13,

    You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

    Thank you,

    Wally

  • Not sure what happened there with the double post.

     

    Anyway, I also wanted to mention that the Cluster Manager Java GUI should encrypt the password when it is entered for the GenericService resource.  It will show the password as it is entered but when you click OK it should encrypt it and show the hash as the value for the Password attribute.

    Thank you,

    Wally

  • Wally,

    Thanks, yes, usually, when I enter the password in attribute and click Ok, then it automatically encrypt the password, but Iam not sure, why it is giving this issue this time. one more thing, so we have update the encrypted password in main.conf file, right ? not in VCS console.

  • Hi NBU_13,

    If the GUI is not encrypting the attribute that you are entering, then you should be able to enter the password hash directly into that attribute via the CLI or GUI.

    You can do it in the main.cf manually in an offline configuration update fashion.  Just remember to stop the cluster on all nodes and start it again on the node with the modifiied main.cf before start the cluster on other nodes.

    Thank you,

    Wally