Horizon FLEX 1.1 - Question on Encryption Password
Hi all,
For my Horizon FLEX deployment, VMware Workstation 11 is used to create source VM. When the source VM is assigned to multiple users, it seems that the power-on passphrase (encryption password) will be the same for those users. Other than creating multiple source VMs with different encryption password, is there another workaround to achieve a similar result (different power-on passphrase for different users)?
Any idea, workaround and suggestion are welcome.
Thanks and regards,
Tony Yeung
Hello at the moment the only option is to force the user to change the password after the first logon. Check the entitlement for that setting The tick box under the restrictions.
Keep in mind that you can upload a template only ones as an image.
Similar Messages
-
Utility to generate the triple des (3DES) encrypted password in wl 6.1?
To take advantage of the encrypted passwords in config.xml, as of wl 6.1, is
there a weblogic utiltiy or api tha could be used to encrypt plaintext into
the triple-des symmetric key PRIOR to having an SA or DBA type it into the
console? This would help me greatly in the deployment and security of
passwords.
Thanks in Advance,
Steve RogersHi,
Thank you for your question.
I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.
Thank you for your understanding and support.
Best Regards,
Aiden
Aiden Cao
TechNet Community Support -
I forgot the backup encryption password in iTunes how can I get my backup data back?
I forgot the backup encryption password in iTunes how can I get my backup data back?
You need to ask Apple to reset your security questions; this can be done by clicking here and picking a method, or if your country isn't listed, filling out and submitting this form.
They wouldn't be security questions if they could be bypassed without Apple verifying your identity.
(109920) -
Dear All,
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD .
How can i insert Encripted password into table.
ThanksHi Vedant,
See the CUSTOM_HASH function that is installed with sample application in the APEX.
Here is the code for it:
create or replace function custom_hash (p_username in varchar2, p_password in varchar2)
return varchar2
is
l_password varchar2(4000);
l_salt varchar2(4000) := 'XFSPL28ZTWEWWM6FHWMK68AG5NQVLU';
begin
-- This function should be wrapped, as the hash algorithm is exposed here.
-- You can change the value of l_salt or the method of which to call the
-- DBMS_OBFUSCATOIN toolkit, but you much reset all of your passwords
-- if you choose to do this.
l_password := utl_raw.cast_to_raw(dbms_obfuscation_toolkit.md5
(input_string => p_password || substr(l_salt,10,13) || p_username ||
substr(l_salt, 4,10)));
return l_password;
end;
i want to insert encrypted Password of 'password' string into table user_dtl column PASSWORD.The above function will give the encrypted password which can be inserted into USER_DTL as follows:
INSERT INTO USER_DTL(USERNAME,PASSWORD) VALUES(:P1_USERNAME, CUSTOM_HASH(:P1_USERNAME,:P1_PASSWORD))Be sure that PASSWORD column in USER_DTL is of type VARCHAR2 and of adequate length as to accommodate the encrypted password.
Hope it helps!
Regards,
Kiran -
RBACx Encrypted Password Change Utility
Hi all,
In the OIA/SRM installation guide, there is a reference to a tool, to find out the password of rbacxservice.
"Oracle Identity Analytics utilizes an encrypted password when communicating with the database.
To change the default database password, use the RBACx Encrypted Password Change Utility"
Could you please help me finding out this tool.
Many thanks in advance.
Warm regards,
Manipradeep Sunku.The mentioned tool only encrypts the password so that you don't have to store a plain text password in the config file. It does not decrypt it. The default rbacxservice password is rbacxservice.
The tool does not come with the OIA/SRM distribution so if you need it, you will need to contact support. -
Reset encryption password for NEW iPhone backups
Hello Everyone,
I have an iPhone and iPad which are currently working perfectly. However during testing I figured out that I somehow lost my iTunes backup encryption password. As such I figured I would just change the backup password, delete the old backups, and create NEW backups for which I do know the password to and all would be good (and ready for a future device failure.)
However it appears that iTunes will not allow you to change or disable the encryption password for NEW backups without first knowing the old encryption password. Does anyone know if a way around this?
Thank you for your time.Thanks!
-
Encrypted Password in AIAConfigurationProperties.xml
Hi,
During the installation of Primavera P6 to EBS Projects PIP, the Password is getting encrypted in the Service Configuration in AIAConfigurationProperties.xml. Is there any script that we can run so that we can avoid the encryption of the password there by having the flexibility to change the un-encrypted Password as and when required?
<Property name="User.P6EPPM_01.Name">primavera</Property>
<Property name="User.P6EPPM_01.pwd">Se8bfsuMJNvYmKB4mg9L3w==</Property>
Your pointers will be highly appreciated!
Regards,
ChaitanyaTry this:
There's a script that can be used to re-encrypt a new password. If the cleartext password is, say, welcome1, do the following -
- Go to AIA_HOME/Infrastructure/install/install/wlscripts/config
- Run command: ./encrypt.sh welcome1
This is useful for re-encrypting any of the passwords that are captured during installation in the deploy.properties file. I can't say for sure that it is the same encryption that is used for the P6 credentials, but it's worth a try. -
ITunes will not let me backup and sync to new phone encrypted password??
iTunes will not let me backup and sync to new phone encrypted password?? I've never set a password for my old iPhone 3gs but tried my old Apple ID sign-in passwords to no avail. I've simply sat here so frustrated....my husband sync'd his new iPhone 4 no problem, somehow the checkbox shows Encrypted password and I'm at a loss on how to change this/find the password and transfer my old backup onto my new phone so I can use it. Can anyone help? Tnx
John,
buy an iTunes Music Card and redeem it to your account - the "none" option should be available then. -
LDIF Importing a user with a non-encrypted password fails, anywork arounds?
I was able to import a group without issue:
dn: cn=Authenticated,cn=Groups,dc=oraclelinux,dc=com
description: test group
objectClass: top
objectClass: groupOfUniqueNames
uniqueMember: cn=orcladmin,cn=People,dc=oraclelinux,dc=com
cn: Authenticated
But when I try to import a standard user:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: password1
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
It fails if I remove the password field then I can import the user without issue, but I need to include the password field as it is part of what was exported from the old LDAP Server.
If I create a user in an ldif import it then add a password using oracle's Directory Manager upon exporting it the entry loks like:
dn: cn=testuser, cn=Users, dc=oraclelinux, dc=com
authpassword;orclcommonpwd: {MD5}fGoYCzaJagqMAnh+6vsOTA==
authpassword;orclcommonpwd: {X- ORCLLMV}E52CAC67419A9A2238F10713B629B565
authpassword;orclcommonpwd: {X- ORCLNTV}5835048CE94AD0564E29A924A03510EF
authpassword;oid: {SASL/MD5}tUquh+Duowh2aWSEwONtcQ==
authpassword;oid: {SASL/MD5-DN}lcQ7Z5O5vcwzXMeaZ65fYw==
authpassword;oid: {SASL/MD5-U}AAWzkmDDCJLbs9mxoWBTiw==
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectclass: top
objectclass: person
sn: testuser
cn: testuser
Changing my imported ldif to look like the following WORKS:
dn: cn=testuser2,cn=Users, dc=oraclelinux, dc=com
userpassword:: e1NIQX00NHJTRkpROXF0SFdUQkF2cnNLZDVLL3AyajA9
description: test user
objectClass: top
objectClass: person
sn: testuser2
cn: testuser2
So the password must be encrypted then?, if so how to I generate a password hash on the command-line and through JAVA?
Can an import be forced with a plain text password (Tivoli, SUN both support this functionality).
Can I change the constraint that the password must contain a numeric char? (Found in document: http://download-uk.oracle.com/docs/cd/B28196_01/idmanage.1014/b15991/pwdpolicies.htm#g1051713)
After fixing the constaints I can import a non-encrypted password from an ldif, but it can not be verified and only the authpassword;oid entries are created not the authpassword;orclcommonpwd entries.
Thanks for your assistance,
ERIC GANDTEric, my first guess would be that the OID password policy prevents loading of the password i.e. the password doesn't match the existing password policy.
What version is your "old" OID and what is the version of the current OID you're using?
What is the error msg you get?
regards,
--Olaf -
Doubts regarding db connection with encrypted password usage in sandbox
Hi All,
We have setup the db connection using configuration file. The configuration file contains db connection information including the encrypted password.
Below are my doubts:
1. If we are going to import the ETL project in zip file directly into the sandbox can we run the graphs directly or we need to check how the password which is encrypted in configuration file will be decoded.
2. Can we directly modify the configuration file for db connection like db connection,user name and password. Suppose I want the graphs to run in some other database which is not specified in configuartion fiel .Can I directly update that?
3.Is it possible to change the encrypted password in the configuration file in the sandbox. Is it that we need to create the project in Integrator Designer, change the password using the Integrator Designer, and then copy the encrypted password into the configuration file in sandbox, or the Endeca provides a functionality to allow user to directly change the password in the sandbox on the Integrator server.
Can someone please let me know their comments on above.
Thanks in Advance.
Regards,
Amritcan someone please help me on this issue
-
Powershell script monitor with encrypted password
I have created a powershell script based monitor in my management pack and everything is ok but I can't get my credentials work inside the script. I want to open pssession to another computer with my credentials. I have triple checked that my pssession is
working because I can access it from powershell console.
This works perfectly at local server from PSconsole:
$EncryptedPassword ="01000000d08c9ddf0115d1118c7a00c04fc297eb01000000534b2....etc...etc..."
$pw = convertto-securestring -String $EncryptedPassword
$cred = new-object System.Management.Automation.PSCredential -argumentlist "MyDOMAIN\MyACCOUNT",$pw
$s = New-PSSession -ComputerName "MyServer" -Port MyPort -Credential $cred
But when I run the same lines inside my management pack the convertto-securestring
does nothing, it just wont convert the encrypted password to secure string!
I have tried this plain text method and it works
inside my management pack, but I don't want to use it because you can see the password in plain text:
ConvertTo-SecureString -String "myPlainTextPassword" -AsPlainText -Force
This is the $error variable, so it's basically says that I don't have anything in the password secure string variable because the convertion did not work for some reason:
The argument is null. Provide a valid value for the argument, and then try running the command again. Cannot process argument transformation on parameter 'Credential'. PromptForCredential Exception calling ".ctor" with "2" argument(s):
"Cannot process argument because the value of argument "password" is null. Change the value of argument "password" to a non-null value." The system cannot find the file specified. Exception calling "SecureStringToBSTR"
with "1" argument(s): "Value cannot be null. Parameter name: s" The system cannot find the file specified. Exception calling "SecureStringToBSTR" with "1" argument(s): "Value cannot be null. Parameter name: s"
The system cannot find the file specified.
So is there some known issue with SCOM Agent / management pack when you are dealing with convertto-securestring
function with encrypted passwords?
I used these methods to encrypt the password: Technet article about encryptionI got it to work!
<TypeDefinitions>
<EntityTypes>
<ClassTypes>
<ClassType ID="MyClass" Accessibility="Public" Abstract="false" Base="Windows!Microsoft.Windows.LocalApplication" Hosted="true" Singleton="false" Extension="false"
/>
</ClassTypes>
</EntityTypes>
<SecureReferences>
<SecureReference ID="MyRunAsAccountProfile" Accessibility="Public" Context="System!System.Entity" />
</SecureReferences>
<ScriptBody>param (
[string]$Username,
[string]$Password
$API = new-object -comObject "MOM.ScriptAPI"
$PropertyBag = $API.CreatePropertyBag()
$cred = New-Object System.Management.Automation.PSCredential -Argumentlist @($Username,(ConvertTo-SecureString -String $Password -AsPlainText -Force))
$s = New-PSSession -ComputerName "myserver" -Credential $cred
Invoke-Command -Session $s -ScriptBlock { $service = Get-Service -Name Spooler}
$invcom = Invoke-Command -Session $s -ScriptBlock { $service.status}
Remove-PSSession -Id $s.Id
if ($invcom.Value -ne "Running") {
$PropertyBag.AddValue("State","ERROR")
$outputLongLine = "Spooler Service is not running on target server!"
$PropertyBag.AddValue("Description", $outputLongLine)
else {
$PropertyBag.AddValue("State","OK")
$outputLongLine = "Spooler is Running on target server."
$PropertyBag.AddValue("Description", $outputLongLine)
$PropertyBag</ScriptBody>
<Parameters>
<Parameter>
<Name>Username</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Domain$\$RunAs[Name="MyRunAsAccountProfile"]/UserName$</Value>
</Parameter>
<Parameter>
<Name>Password</Name>
<Value>$RunAs[Name="MyRunAsAccountProfile"]/Password$</Value>
</Parameter> -
Unencrypted password length vs. Encrypted password length
Hi,
Can anybody share the formula to get the resulting String length of an encrypted password.
For example: how long will the encrypted String be given a 5 letter unencrypted password?
Will this change across different algo? e.g. MD5/SHA1 and two way hash...
Need this to make sure the database field is of the correct size for the encrypted password...
based on prior experience, the resulting encrypted String is always longer than the inputted password but I cannot find a reference stating the formula...
Thanks in advanceA few things to keep in mind:
1) Do not think of Strings when you are using cryptography. Always think in byte buffers (byte[]). Strings can perform implicit character conversions that will mess up your encryption (and decryption).
2) Do you really need to encrypt the password? Most password files are simply hashed. You can go one step better by adding 'salt' prior to taking the hash.
As for calculating lengths, it depends on the algorithm. But in all likelihood, rather than trying to calculate the exact, expected size, just make the database field larger. (I know, sloppy programming, but space is cheap, especially for storing a password).
- Saish
"My karma ran over your dogma." - Anon -
Decrypt the encrypted password
Hi there,
I have been scratching my head for some time to fix one issue. We are planning to change the plateform/technology and we need to bring over existing login to new system. In order to have the same password I need to decrypt the password before I send it to new system. When we stored the password, it encrypts them and stores it in database. I am using following code to decrypt it. it's not worlking . This is error I am getting.
Given final block not properly padded
Here is some more information:
Key is :javax.crypto.spec.SecretKeySpec@18f3a
Format is :RAW
getAlgorithm() is :DES
String encrypted = abcdefgh
Provider is: com.sun.crypto.provider.SunJCE()
This is my code to decrypt which throws error " Given final block not properly padded" :
public String decrypt(String encrypted){
Cipher ci = null;
byte [] result = null;
try {
ci = Cipher.getInstance("DES");
ci.init(Cipher.DECRYPT_MODE, key);
System.out.println("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
byte [] encryptedData = hexToByteArray(encrypted, false);
//Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
result = ci.doFinal(encryptedData);
catch (Exception e) {
System.out.println("CryptoUtil()" +"ERROR: "+ e.getMessage());
return encrypted;
String strResult = new String(result);
return strResult;
Please help.
Thank you.These are the two values I am getting for encrypted password:
97654de7857cd9aab331995cba044fc6
a125a6b2a71e23adc002ac7fbe1a1042
Is this a hex code?
I think the key is: abcdefgh
This is my code to encrypt and decrypt:
* empty constructor
* @param keydata
public CryptoUtil(String keydata){
if (keydata.trim().equals("")){
logDebug("CryptoUtil()" +" Constructor didn't get a valid key!");
usage();
System.exit(0);
}else{
keyBytes = keydata.getBytes();
key = new SecretKeySpec(keyBytes, 0, keyBytes.length, "DES");
try {
Provider sp = new com.sun.crypto.provider.SunJCE();
//logDebug("CryptoUtil() " + sp.getInfo());
Security.addProvider(sp);
}catch (Exception ex) {
logDebug("CryptoUtil() " +"Problem loading crypto provider \n error:"+ex.getMessage());
usage();
System.exit(0);
* Encrypt
* @param s
public String encrypt(String s){
Cipher ci = null;
byte [] result = null;
try {
ci = Cipher.getInstance("DES");
ci.init(Cipher.ENCRYPT_MODE, key);
result = ci.doFinal(s.getBytes());
}catch (Exception e) {
logDebug("CryptoUtil()" +"ERROR: "+ e.getMessage());
String strResult = byteArrayToHex(result);
return strResult;
* decrypt a card number
* @param encrypted
public String decrypt(String encrypted){
Cipher ci = null;
byte [] result = null;
try {
ci = Cipher.getInstance("DES");
ci.init(Cipher.DECRYPT_MODE, key);
//Log.out("CryptoUtil()" +"before hexToByteArray. Byte Data: "+encrypted);
byte [] encryptedData = hexToByteArray(encrypted, false);
//Log.out("CryptoUtil()" +"after hexToByteArray. lenth: "+ encryptedData.length);
result = ci.doFinal(encryptedData);
catch (Exception e) {
logError("CryptoUtil()" +"ERROR: "+ e.getMessage());
return encrypted;
String strResult = new String(result);
return strResult;
static final String hexDigitChars = "0123456789abcdef";
* @param a
public static final String byteArrayToHex(byte [] a) {
int hn, ln, cx;
StringBuffer buf = new StringBuffer(a.length * 2);
for(cx = 0; cx < a.length; cx++) {
hn = ((int)(a[cx]) & 0x00ff) / 16;
ln = ((int)(a[cx]) & 0x000f);
buf.append(hexDigitChars.charAt(hn));
buf.append(hexDigitChars.charAt(ln));
buf.append(' ');
return buf.toString();
* @param str
* @param rev
public static final byte [] hexToByteArray(String str, boolean rev) {
StringBuffer acc = new StringBuffer(str.length() + 1);
int cx, rp, ff, val;
char [] s = new char[str.length()];
str.toLowerCase().getChars(0, str.length(), s, 0);
for(cx = str.length() - 1, ff = 0; cx >= 0; cx--) {
if (hexDigitChars.indexOf(s[cx]) >= 0) {
acc.append(s[cx]);
ff++;
}else {
if ((ff % 2) > 0) acc.append('0');
ff = 0;
if ((ff % 2) > 0) acc.append('0');
byte [] ret = new byte[acc.length() / 2];
for(cx = 0, rp = ret.length - 1; cx < acc.length(); cx++, rp--) {
val = hexDigitChars.indexOf(acc.charAt(cx));
cx++;
val += 16 * hexDigitChars.indexOf(acc.charAt(cx));
ret[rp] = (byte)val;
if (rev) {
byte tmp;
int fx, bx;
for(fx = 0, bx = ret.length - 1; fx < (ret.length / 2); fx++, bx--) {
tmp = ret[bx];
ret[bx] = ret[fx];
ret[fx] = tmp;
return ret;
Will that give you any more information to help me? -
Reading Encrypted Password from Configuration File and Decrypt it at login
Hi All,
My application reads a configuration file to connect to the ORACLE database. The values defined for password are clear text as given below:
user: 'mh'
password='abcd1234'
Is there is any way I can give an encrypted password in the configuration file instead of a clear text file and at the time of login ORACLE decrypts it. I am using ORACLE 11g Database.
My company have a requirement that passwords are not stored in the clear in properties files. the reason being I suppose that if the password is stored in plaintext someone could hit the property file directly, get the password and then connect to the database with it.
For a regular user connecting through an Oracle client or SQL Developer they would need to have the plaintext password in order to connect.
its based on the requirements of
International Standards Organization Guidance
ISO 17799 � 9.5.4 requires password management systems to:
� enforce the use of individual passwords
� allow users to select and change their own passwords if appropriate
� enforce a choice of quality passwords
� force regular changes of passwords
� maintain a record of previous user passwords to prevent re-use
� not display passwords when they are being entered
� store password files separately from application system data
� store passwords in encrypted form using a one way encryption algorithm
� alter default vendor passwords following installation of software
So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.
I have feeling there is a way of configuring this in Oracle advanced Security, but just can't quite get it to work.
Edited by: user5568473 on 20-May-2013 00:05So if I can store the password encrypted using a one way algorithm then hacker/user couldn't decrypt it and then access the database.... and neither can your application. Encryption is needed in this case. The decryption must be written into your application. I've written my own in some cases, but finding a library for your development language is a smarter solution.
One alternative is using an Oracle wallet. It doesn't fit every circumstance and does have some maintenance headaches.
You can set up a basic secure password store to encrypt and store the password for a given user@instance combination, and then connect to the database without passing a password. SQL*Net adds in the appropriate password from the wallet for when you connect.
http://www.oracle.com/technetwork/database/security/twp-db-security-secure-ext-pwd-stor-133399.pdf
Advanced Security Option also allows you to set up a Public Key Infrastructure connections (SSL encryption and/or authentication). It also uses a wallet to store the SSL certificates and credentials. I don't have personal experience on this approach.
SSL and the wallet allow you to connect to the database similar to CONNECT/@net_service_name or sqlplus /@net_service_namehttp://docs.oracle.com/cd/B28359_01/network.111/b28530/asossl.htm#CIHCBIEG -
How to write a pgm to change the existing encrypted password
Hi all,
can anybody tell me how to write a pgm to change the existing encrypted password.
thanks in advance.Well, it's going to depend on how it's implemented in the current system.
But basically it's going to look a lot like the current login actions. Presumably you have something that takes the user ID and password, encrypts the password, looks up the encrypted password in the database matching that user ID, and compares them. This functionality would also take a new password (preferably twice so they can be checked for consistency), and if the existing encrypted passwords match, it will encrypt the new password and put it in the database where the old one was.
And if the application has a mechanism for new users to sign up, it'll look a lot like this as well.
But I'm just guessing. This is all going to depend on how the existing functionality is written. Probably the best thing you can do is talk to a programmer at your organization who has worked on the application, and ask them for help.
Hope this helps anyway.
Maybe you are looking for
-
Is there any way to get all my stuff transfered from my old broken iphone to a new one
is there any way to get all my stuff transfered from my old broken iphone to a new one
-
I need to create a start/end date selection area with the following radio buttons o last week o last month o last quarter o last year o custom dates start date: mm/dd/yyyy end date: mm/dd/yyyy Depending on which radio button is selected, the 2 start/
-
My Zen Xtra freezes when organizing fi
Can anyone help me? A week ago when I was deleting some songs from my playlist (using MediaSource) my Zen Xtra froze up and then my playlists were lost. I have reset my Zen, reloaded the MediaSource software, updated the software and tried various ot
-
4th gen wont turn on! please help.
I haven't had my ipod touch 4th gen on for about a week. I tried to turn it on and the charging screen showed up. After a few seconds it said it was turning on but then the screen went black and then the charging screen showed up again. I have tried
-
I'm in Canada. My App Store app on my iPhone 5 keeps going to the U.S. App Store, then a window pops up telling me to go to the Canadian App Store. How do I do this?