Encrypting the password

Encrypting the password

Entries in the libtcl.cfg file are in human-readable format. Sybase provides a pwdcrypt utility for basic password encryption. pwdcrypt is a simple algorithm that, when applied to keyboard input, generates an encrypted value that can be substituted for the password. pwdcrypt is located in $SYBASE/$SYBASE_OCS/bin.

From the $SYBASE/$SYBASE_OCS directory, enter:

bin/pwdcrypt

Enter your password twice when prompted.

pwdcrypt generates an encrypted password. For example:

0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706

Copy and paste the encrypted password into the libtcl.cfg file using any standard ASCII-text editor. Before encryption, the file entry appears as:

ldap=libsybdldap.so

ldap://seashore/dc=sybase,dc=com??one??bindname=uid=Manager,dc=sybase,

dc=com?password

Replace the password with the encrypted string:

ldap=libsybdldap.so

ldap://seashore/dc=sybase,dc=com??one??bindname=uid=Manager,dc=sybase,dc=com

0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706

Warning! Even if your password is encrypted, you should still protect it using file-system security.

Performance

Performance when using an LDAP server may be slower than when using an interfaces file because the LDAP server requires time to make a network connection and retrieve data. Since this connection is made when Adaptive Server is started, changes in performance will be seen at login time, if at all. During normal system load, the delay should not be noticeable. During high system load with many connections, especially repeated connections with short duration, the overall performance difference of using an LDAP server versus the traditional interfaces file might be noticeable.

78

Adaptive Server Enterprise

Page 94
Image 94
Sybase DC35823-01-1500-04 manual Encrypting the password, Performance, Replace the password with the encrypted string