- RS that it's RSSD is set with encrypted password.
- RS that is itself set with encrypted password (Encrypted password RS).
RS that its RSSD is set with encrypted password
This configuration means that:
- The RS that itself is not set with encrypted password.
- The RSSD of the RS is set with encrypted password (more correct: the ASE instance where the RSSD is stored is set with encrypted password).
On the RS, we need to set "send_enc_password” to 'on' - from RS or in the configuration file.
From RS:
- login RS.
- configure “replication server set send_enc_password"
- Restart RS
1> configure replication server set send_enc_password to 'on'
2> go
From the configuration file:
- Set the configuration parameter "RS_send_enc_pw" to “on” in the rs_name.cfg file.
- Restart RS.
In order to make routing works, It has to be done in the ‘source’ RS of the routing and in any other RS that connects to the “encrypted password” ASE instance.
Encrypted password RS
By default, RS is passwords encrypted.
When installing a new RS - it uses password encryption.
Verify that password encryption is enabled in RS
There are few checks in order to verify that password encryption is enabled or not for an exists RS system.
1. Check the password_encryption configuration
select objid, optionname, charvalue=substring(charvalue,1,25) from rs_config where optionname = 'password_encryption'
go
2. Check these parameters in the configuration file and see that they are encrypted: RSSD_primary_pw_enc, RSSD_maint_pw_enc, ID_pw_enc, RS_random.
Manage password encryption in RS
If your RS environment is not set with password encryption (probably old installation), you can enable it using rs_init.
The process is described in the following chart and in SAP site (Enabling password encryption for a Replication Server).
Altering an encrypted password in RS can be done using rs_init, as described in SAP site: Altering an encrypted password for a Replication Server.
More queries:
1> use YOUR_RSSD
2> go
1> select username, uid, use_enc_password, enc_password from rs_users
2> go
1> use YOUR_RSSD
2> go
1> select * from rs_encryptionkeys
2> go
Can I disable password encryption for RS?
Password encryption can be disabled for RS, but then the passwords would be exposed in the RSSD and SRS cfg file.
It looks like there is no good reason to do that.
Disabling Password Encryption:
- Set password_encryption to '0'
- Change existing passwords in the RSSD tables to clear text
- Change in rs_users and rs_maintusers tables.
- There is no way to decrypt the passwords listed in the rs_users and rs_maintusers.
- Changing passwords with the alter user SRS command for SRS users, or the alter connection command for the maintenance users.
- Once you change the password on a connection for a maintenance user, you will need to change it at the replicate dataserver and resume the connection.
- Change existing passwords in the Replication Server configuration file: manually reenter, in clear text, passwords that are currently encrypted.
- Restart RS.
configure replication server set password_encryption to '0'
go
No comments:
Post a Comment