Special Characters in DB password for CA Strong Authentication
Article ID: 130599
Updated On:
Products
CA Rapid App Security
CA Advanced Authentication
Issue/Introduction
CA Strong authentication provides a utility called DBUTIL to update the password associated with DSN (Data Source Name) and DB password in securestore.enc, which is an encrypted file that is used while connecting to the back end Database.
This document highlights the fact that on a Linux/Unix system when using special characters in the DB / DSN password the command to update the DB password - DBUtil -pu <DB username> <DB password> - may fail like shown below with "Error: unrecognized extra argument"
======================= Example ============================
[[email protected] tools]# ./DBUtil -pu arcotdsn aaaa!234
./DBUtil Usage:
DBUtil -init <encryptKeyName>
DBUtil -pi <key> <value> [-h HSMPin [-d HSMModule]]
DBUtil -pu <key> <value> [-h HSMPin [-d HSMModule]]
DBUtil -pd <key> [-h HSMPin [-d HSMModule]]
DBUtil -i <primeKey> <HSMPin>
DBUtil -u <primeKey> <HSMPin>
DBUtil -d <primeKey>
Where:
-init: create a new securestore.enc file
-pi, -pu, -pd: insert, update, delete a name,value pair
-i, -u, -d: insert, update, delete a primary name,value pair
(primary entries are used during server startup
to provide HSM initialization info)
-h HSMPin: required if securestore.enc is protected by HSM crypto
(using "prompt" (without quotes) as HSMPin allows
you to supply PIN seperately in masked form)
-d HSMModule: optional when -h is present. Defaults to "nfast" (NCipher)
Note: for backward compatibility, if <key> is "NCipher",
-pi, -pu, -pd are interpreted as -i, -u, -d respectively
Error: unrecognized extra argument
[[email protected] bin]#
===================================== End of Example =================
DBUtility usage on a Linux/Unix system
This document highlights the fact that on a Linux/Unix system when using special characters in the DB / DSN password the command to update the DB password - DBUtil -pu <DB username> <DB password> - may fail like shown below with "Error: unrecognized extra argument"
======================= Example ============================
[[email protected] tools]# ./DBUtil -pu arcotdsn aaaa!234
./DBUtil Usage:
DBUtil -init <encryptKeyName>
DBUtil -pi <key> <value> [-h HSMPin [-d HSMModule]]
DBUtil -pu <key> <value> [-h HSMPin [-d HSMModule]]
DBUtil -pd <key> [-h HSMPin [-d HSMModule]]
DBUtil -i <primeKey> <HSMPin>
DBUtil -u <primeKey> <HSMPin>
DBUtil -d <primeKey>
Where:
-init: create a new securestore.enc file
-pi, -pu, -pd: insert, update, delete a name,value pair
-i, -u, -d: insert, update, delete a primary name,value pair
(primary entries are used during server startup
to provide HSM initialization info)
-h HSMPin: required if securestore.enc is protected by HSM crypto
(using "prompt" (without quotes) as HSMPin allows
you to supply PIN seperately in masked form)
-d HSMModule: optional when -h is present. Defaults to "nfast" (NCipher)
Note: for backward compatibility, if <key> is "NCipher",
-pi, -pu, -pd are interpreted as -i, -u, -d respectively
Error: unrecognized extra argument
[[email protected] bin]#
===================================== End of Example =================
DBUtility usage on a Linux/Unix system
Environment
CA Strong Authentication / Ca Risk Authentication system.
Resolution
When on a Unix/Linux system use the following format to update DSN/DB Password.
1. For DSN password update --- ./dbutil -pi yourDSNname 'YourDSNPasswordinSingleQuotes'
2. For DB password update --- ./dbutil -pi yourDBuserName 'YourDBPasswordinSingleQuotes'
**** Essentially the password containing special characters should be enclosed in single quotes ***
1. For DSN password update --- ./dbutil -pi yourDSNname 'YourDSNPasswordinSingleQuotes'
2. For DB password update --- ./dbutil -pi yourDBuserName 'YourDBPasswordinSingleQuotes'
**** Essentially the password containing special characters should be enclosed in single quotes ***
Additional Information
1. For usage of DBUTIL utility refer to the following link
https://docops.ca.com/ca-advanced-authentication/9-0/en/administrating/administrating-ca-strong-authentication/system-administrators-utilities/dbutil-ca-strong-authentication-database-utility
2. This article only applies the usage of DBUtil utility on a Linux system prompt. During Installation (via provided installers) and Upgrade procedures the password should be provided "as is"
https://docops.ca.com/ca-advanced-authentication/9-0/en/administrating/administrating-ca-strong-authentication/system-administrators-utilities/dbutil-ca-strong-authentication-database-utility
2. This article only applies the usage of DBUtil utility on a Linux system prompt. During Installation (via provided installers) and Upgrade procedures the password should be provided "as is"
Feedback
Yes
No
Powered by
