Special Characters in DB password for CA Strong Authentication

book

Article ID: 130599

calendar_today

Updated On:

Products

CA Rapid App Security CA Advanced Authentication

Issue/Introduction

CA Strong authentication provides a utility called DBUTIL to update the password associated with DSN (Data Source Name) and DB password in securestore.enc, which is an encrypted file that is used while connecting to the back end Database.

This document highlights the fact that on a Linux/Unix system when using special characters in the DB / DSN password the command  to update the DB password - DBUtil -pu <DB username> <DB password> - may fail like shown below with "Error: unrecognized extra argument"


=======================   Example ============================
[[email protected] tools]# ./DBUtil -pu arcotdsn aaaa!234

./DBUtil Usage:
  DBUtil -init <encryptKeyName>
  DBUtil -pi <key> <value> [-h HSMPin [-d HSMModule]]
  DBUtil -pu <key> <value> [-h HSMPin [-d HSMModule]]
  DBUtil -pd <key> [-h HSMPin [-d HSMModule]]
  DBUtil -i <primeKey> <HSMPin>
  DBUtil -u <primeKey> <HSMPin>
  DBUtil -d <primeKey>
Where:
 -init: create a new securestore.enc file
 -pi, -pu, -pd: insert, update, delete a name,value pair
 -i, -u, -d: insert, update, delete a primary name,value pair
             (primary entries are used during server startup
              to provide HSM initialization info)
 -h HSMPin: required if securestore.enc is protected by HSM crypto
            (using "prompt" (without quotes) as HSMPin allows
             you to supply PIN seperately in masked form)
 -d HSMModule: optional when -h is present. Defaults to "nfast" (NCipher)
 Note: for backward compatibility, if <key> is "NCipher",
       -pi, -pu, -pd are interpreted as -i, -u, -d respectively

Error: unrecognized extra argument
[[email protected] bin]#
=====================================  End of Example =================

 

DBUtility usage on a Linux/Unix system

Environment

CA Strong Authentication / Ca Risk Authentication system.

Resolution

When on a Unix/Linux system use the following format to update DSN/DB Password.

1. For DSN password update ---    ./dbutil -pi yourDSNname 'YourDSNPasswordinSingleQuotes' 
2. For DB password update ---       ./dbutil -pi yourDBuserName 'YourDBPasswordinSingleQuotes' 


**** Essentially the password containing special characters should be enclosed in single quotes ***

Additional Information

1. For usage of DBUTIL utility refer to the following link 

https://docops.ca.com/ca-advanced-authentication/9-0/en/administrating/administrating-ca-strong-authentication/system-administrators-utilities/dbutil-ca-strong-authentication-database-utility

2. This article only applies  the usage of DBUtil utility on a Linux system prompt. During Installation (via provided installers) and Upgrade procedures the password should be provided "as is"