Storage and Usage of Userids and Passwords in Harvest

Article ID: 109841


Products

CA Harvest Software Change Manager - OpenMake Meister

Issue/Introduction

This article explains the various ways that Harvest uses and stores userids and passwords in its system.

Environment

CA Harvest SCM all versions and platforms

Resolution

Harvest uses userids and passwords in several ways. The one thing to know about all of them is that, in almost all circumstances, Harvest keeps passwords in an encrypted format that cannot be “decrypted.” There is no way to know what password has been encrypted for any particular userid. With that in mind, here are the types of userids that can be used with SCM:

  • Users log in to the Harvest application (Workbench, Administrator Tool, command line utilities, etc.) with userids and passwords. You can get a list of the userids of users authorized to use Harvest by running the “Users” report in the Administrator Tool: from the menu at the top of the Harvest Administrator Tool, click “Reports” -> “Users.” If you have configured Harvest for “Internal” authentication, user passwords are stored in encrypted format inside the Harvest database. If you have configured Harvest for “LDAP” authentication, Harvest stores the userids but does not store any password in the Harvest database. Instead, Harvest queries the LDAP directory service to authenticate the user.
  • Harvest needs to know the userid and password required to access your DBMS and query the Harvest database. This userid and password is stored in an encrypted password file named: 
    • On Windows: %CA_SCM_HOME%\hsvr.dfo 
    • On Linux and Unix: $CA_SCM_HOME/.hsvr.dfo

In both cases, the file is stored as a “hidden” file as an added layer of protection. You can find out what user ID is being used to access your Harvest database by examining the header information in one of your *Hserver*.log files. These can be found in the %CA_SCM_HOME%\log folder (on Windows) or the $CA_SCM_HOME/log folder (on Linux and Unix).

  • If Harvest is configured for “LDAP” authentication, it will need to have login credentials for the LDAP server. Harvest stores the LDAP configuration for the broker in a file called %CA_SCM_HOME%\HServer.arg (on Windows) or $CA_SCM_HOME/HServer.arg (on Linux and Unix). The login user’s distinguished name is set using the “-ldapbinddn” parameter. The login user’s password is either stored as plain text inside the argument file using the “-ldapbindpw” parameter or in an encrypted password file specified with the “-ldapbindpwfile” parameter. 
  • If Harvest needs to connect to a remote agent machine for certain types of processes, such as check-in (HCI), check-out (HCO), synchronizing (HSYNC), or remote execution (HEXECP), it will need valid login credentials. The userid and password being used can be found on the command line with either the “-rusr” and “-rpw” parameters or the “-er” parameter, which will point to an encrypted password file. 
  • If Harvest needs to connect to a remote agent machine to execute a command (HEXECP) remotely, it will need valid login credentials to connect to the remote agent process. The userid and password being used can be found on the command line with either the “-usr” and “-pw” parameters or the “-eh” parameter, which will point to an encrypted password file.
  • Harvest has a directory synchronization utility called “hrefresh” that allows for synchronization information to be stored in a configuration file for a list of different combinations of projects and states. This configuration file will need to include encrypted password files for both the SCM application login credentials and the remote agent login credentials. 
  • For all other command-line utilities, Harvest needs the application login userid and password. The userid and password can be found on the command line with either the “-usr” and “-pw” parameters or the “-eh” parameter, which will point to an encrypted password file.
  • For all the various types of interactive SCM client applications (Workbench, Administrator Tool, Visual Studio plugin, Eclipse plugin, Harweb), SCM will need the SCM application login userid and password and these will be typed in by the user at that time. 


Here are some places to look for more information: 

Synchronizing Reference Directories
Setting up HRefresh

Command line utilities: 
Hexecp Command – Execute Program
hci Command – Check-In
hco Command – Check-out
hmvproj Command – Move or Copy Projects
hrefresh Command – Refresh Directories
hsync Command – Synchronize Directory from View Path
svrenc Command – Encrypt User and Password Credentials to a File

The most common use of the command line utilities is in scripts and User Defined Processes (UDPs). You can get a complete inventory of all UDPs defined in your Harvest database with the following query: 

SELECT HARENVIRONMENT.ENVIRONMENTNAME, 
DECODE(HARENVIRONMENT.ENVISACTIVE, 'T', 'TEMPLATE', 'Y', 'ACTIVE', 'INACTIVE') AS PROJECTTYPE, 
HARSTATE.STATENAME, 
'Stand-Alone' AS PARENTPROCESS, 
'-' AS LINKED, 
HARUDP.PROCESSNAME AS UDPPROCESS, 
HARUDP.PROGRAMNAME 
FROM HARENVIRONMENT 
INNER JOIN HARSTATE ON HARENVIRONMENT.ENVOBJID = HARSTATE.ENVOBJID 
INNER JOIN HARSTATEPROCESS ON HARSTATE.STATEOBJID = HARSTATEPROCESS.STATEOBJID 
INNER JOIN HARUDP ON HARSTATEPROCESS.STATEOBJID = HARUDP.STATEOBJID 
AND HARSTATEPROCESS.PROCESSOBJID = HARUDP.PROCESSOBJID 
UNION 
SELECT HARENVIRONMENT.ENVIRONMENTNAME, 
DECODE(HARENVIRONMENT.ENVISACTIVE, 'T', 'TEMPLATE', 'Y', 'ACTIVE', 'INACTIVE') AS PROJECTTYPE, 
HARSTATE.STATENAME, 
HARSTATEPROCESS.PROCESSNAME AS PARENTPROCESS, 
DECODE(HARLINKEDPROCESS.PROCESSPRELINK, 'Y', 'PRELINKED','POSTLINKED') AS LINKED, 
HARUDP.PROCESSNAME AS UDPPROCESS, 
HARUDP.PROGRAMNAME 
FROM HARENVIRONMENT 
INNER JOIN HARSTATE ON HARENVIRONMENT.ENVOBJID = HARSTATE.ENVOBJID 
INNER JOIN HARSTATEPROCESS ON HARSTATE.STATEOBJID = HARSTATEPROCESS.STATEOBJID 
INNER JOIN HARLINKEDPROCESS ON HARSTATEPROCESS.STATEOBJID = HARLINKEDPROCESS.STATEOBJID 
AND HARSTATEPROCESS.PROCESSOBJID = HARLINKEDPROCESS.PARENTPROCOBJID 
INNER JOIN HARUDP ON HARLINKEDPROCESS.PARENTPROCOBJID = HARUDP.PARENTPROCOBJID 
AND HARLINKEDPROCESS.PROCESSOBJID = HARUDP.PROCESSOBJID 
ORDER BY 2, 1, 3, 4, 5 
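
The following is an added example, not part of the original article or of the Harvest product: a Python audit helper that flags the plain-text password parameters described above (“-ldapbindpw”, “-pw”, “-rpw”) and reports where the encrypted-file alternatives (“-ldapbindpwfile”, “-eh”, “-er”) are used instead. It assumes parameters are written as “-flag value” or “-flag=value”; the sample lines, userids and file paths are constructed.

```python
import re

# Parameters named in the article. PLAINTEXT flags carry the password itself;
# ENCRYPTED_FILE flags point to an encrypted password file instead.
PLAINTEXT = {"-ldapbindpw", "-pw", "-rpw"}
ENCRYPTED_FILE = {"-ldapbindpwfile", "-eh", "-er"}

# Assumed syntax: "-flag=value" or "-flag value". A flag must start a token, so
# a hyphen inside a path or name (e.g. "my-pw") is not mistaken for a parameter.
TOKEN = re.compile(r'(?<!\S)(-[A-Za-z]+)(?:=|\s+(?!-))("[^"]*"|\S+)?')


def audit_line(line):
    """Return [(kind, flag, detail)] for one argument-file or command line."""
    findings = []
    for flag, value in TOKEN.findall(line):
        flag = flag.lower()
        if not value:
            continue
        if flag in PLAINTEXT:
            # Never echo the secret into the audit report.
            findings.append(("PLAINTEXT", flag, "<redacted>"))
        elif flag in ENCRYPTED_FILE:
            findings.append(("ENCRYPTED_FILE", flag, value.strip('"')))
    return findings


def audit(sources):
    """sources: {name: text}. Returns [(name, line_no, kind, flag, detail)]."""
    report = []
    for name, text in sources.items():
        for line_no, line in enumerate(text.splitlines(), start=1):
            for kind, flag, detail in audit_line(line):
                report.append((name, line_no, kind, flag, detail))
    return report


# Constructed sample input: an argument file and two UDP program strings such
# as the PROGRAMNAME column of the query above might return.
SAMPLES = {
    "HServer.arg": '-ldapbinddn="cn=svc-harvest,dc=example,dc=test"\n'
                   "-ldapbindpw=Constructed-Secret-1\n",
    "UDP programs": "hci -usr builduser -pw Constructed2 -rusr agent -rpw Constructed3\n"
                    "hsync -eh /opt/scm/user.dfo -er /opt/scm/agent.dfo\n",
}

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(*row, sep="\t")
```

Each PLAINTEXT finding is a candidate for replacement with an encrypted password file created by the svrenc command listed above.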

From the SCM perspective these are the types and usages of userids and passwords in SCM.