cancel
Showing results for 
Search instead for 
Did you mean: 

vcsencrypt password for generic resource in VCS

NBU_13
Level 6
Accredited Certified

Hi,

I have query.

I installed and configured SFHA for application server, this application server has 5 services, which is running with same user name and password under service manager.

I have configured the Generic resource for each services, however, the password is not encrypted in resource attributes. So I have used vcsencrypt utility to create the encryted password and plan to update in main.conf file.

if we run vcsencrypt utility with password same as XXXXX for number of times, each time it is giving different encrpted password.

My question is I have run vcsencrypt utility with password same as XXXXX, only one time and use the same encrypted password for all the 5 generic resource attributes or need to run 5 times the vcsencrypt utility with password same as XXXXX and update the each generic resource with seperate encrypted password.

1 ACCEPTED SOLUTION

Accepted Solutions

Wally_Heim
Level 6
Employee

Hi NBU_13,

You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

Thank you,

Wally

View solution in original post

5 REPLIES 5

Wally_Heim
Level 6
Employee

Hi NBU_13,

You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

Thank you,

Wally

Wally_Heim
Level 6
Employee

Hi NBU_13,

You can run the vcsencrypt utility once and use the same output multiple times.  The utility puts out a different hash during each run so that it is hard to guess the password with the utility.  Each hash that it generates is a valid hash for the password and can be used more than once if needed.  Or you can use different hash for each resouce that uses the same user/password.

Thank you,

Wally

Wally_Heim
Level 6
Employee

Not sure what happened there with the double post.

 

Anyway, I also wanted to mention that the Cluster Manager Java GUI should encrypt the password when it is entered for the GenericService resource.  It will show the password as it is entered but when you click OK it should encrypt it and show the hash as the value for the Password attribute.

Thank you,

Wally

NBU_13
Level 6
Accredited Certified

Wally,

Thanks, yes, usually, when I enter the password in attribute and click Ok, then it automatically encrypt the password, but Iam not sure, why it is giving this issue this time. one more thing, so we have update the encrypted password in main.conf file, right ? not in VCS console.

Wally_Heim
Level 6
Employee

Hi NBU_13,

If the GUI is not encrypting the attribute that you are entering, then you should be able to enter the password hash directly into that attribute via the CLI or GUI.

You can do it in the main.cf manually in an offline configuration update fashion.  Just remember to stop the cluster on all nodes and start it again on the node with the modifiied main.cf before start the cluster on other nodes.

Thank you,

Wally