What tokens are used to store passwords in CA Access Control.


Article ID: 51292


Updated On:


CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent



This knowledge article details the passwd_distribution_encryption_mode and passwd_local_encryption_method tokens.


The following conditions must be met for the endpoint to choose how the password is stored.

  1. The subscriber passwd_distribution_encryption_mode must match the same mode on the PMDB.
  2. If they match, then the subscriber chosen passwd_local_encryption_method is employed, and reflected in /etc/shadow.
  3. If passwd_distribution_encryption_mode does not match, then the subscriber local storage defaults to the method chosen on the PMDB. The local method value is ignored.

Note: *- If passwd_distribution_encryption_mode = 2 (md5) is chosen on the PMDB, the subscriber cannot choose between crypt or md5 as a local method. It will always be an md5 hash in /etc/shadow.

Token Details as found in our seos.ini file and listed below.


; This token indicates which password encryption method the local system; uses to distribute user passwords.; Valid values are: '1' - Compatibility mode - working with older; versions of eAC, hence we use 'crypt' like we used to,; or '2' - MD5 hashing - when working in Linux only environment use; 'crypt' with MD5 salt, or '3' - bidirectional mode - where we encrypt; the passwords with our own bidirectional encryption.; Default Value: 1 


; This token indicates which password encryption method the local system; stores user passwords.; Valid values are: 'crypt' - DES crypt/bigcrypt, or 'md5' - MD5 hashing.; Default Value: crypt


Component: SEOSU