I recorded a response file for Connections 8 and was surprised by the password that is stored in the response file for the database user.
<data key='user.blogs.dbUserPassword' value='UquZEzLwkJl5qCJ9J+B/jun8+DTdsGMJFQuIiHl8MZA='/>
The password I used in the UI was "password" ( it's a test server)
When I wanted to use this rsp file in another env, the install worked but all the jdbc connections were failing from websphere and the password was wrong. I used another password and used this
https://help.hcltechsw.com/connections/v65/admin/install/t_silent_create_encrypted_passwords.html
to generate the encrypted password.
so I decided to encrypt "password" using the same process and got this
./imutilsc encryptString password -silent -noSplash
fufgZbY47EfxLYarBAIxeQ==
This does not match the value recorded by the response file recorded. Has the necryption method for passwords changed in Connections 8?
Hi Wannes Rams,
the question that you ask is related to the IBM Installation Manager features and has nothing to do with the HCL Connections product at all. The changed password encyption that you noticed when you try to encypt the the text "password" could be related to a different password key. Because when that password key changes also the encypted text will change at all. You will find details on the following IBM pages:
https://www.ibm.com/docs/en/installation-manager/1.8.5?topic=overview-security-considerations-installation-manager#c_security_im__store_cred
https://www.ibm.com/docs/en/workload-automation/9.4.0?topic=installation-encrypting-user-passwords-response-files
So in my point of view the question is which password key did you use for both tests in the GUI related to your tests using the imutilsc tool? Did you use the same password key in both tests? I am not aware that the encyption method has changed between the different IBM Installation Manager versions. Maybe give it a try and add in both tests the -passwordKey option with your own specified key to make sure that you use the same encyption key.
Please also check technote:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0080308
Thanks, Thorsten
Hey Thorsten,
Thanks for the additional info. I did not use a password key so it reverts to the default one.
I am using the same installation manager install and binaries to encrypt the password for my response file as the Connections response file creation does so I would expect the same result in the encrypted password, unless HCL is using a password key ( they have not in the past). As I am using the same Installation Manager binaries for both actions it does not seem that there is a change on IBM side of things.
Hi Wannes Rams,
can you please check, if you can find keyring files related to eclipse on your system? I am asking, because by default If the password is not specified, Eclipse uses a default password. You can provide stronger encryption by specifying a password to open the keyring file.The contents of the keyring file are encrypted. You must have write permissions for the keyring file. Installation Manager uses the Eclipse infrastructure to save credentials to a keyring file.
For details, please also check:
https://www.ibm.com/docs/en/rational-clearcase/8.0.1?topic=packages-installation-manager-command-line-arguments
Did you use one and the same user to install Connections in the GUI and when the responsefile was created? For me it looks like that for each user such a unique keyring file will be created. It could be possible that different passwords will be used for different users.
For more details, please also check:
https://www.ibm.com/docs/en/iad/7.2.1?topic=psispuim-installing-updating-silently-from-authenticated-repositories-installation-manager-1
Thanks, Thorsten