FairCom DB V12 and FairCom RTG V3 now offer improved security around password handling. This modification introduces support for authorization files in FairCom DB command-line utilities. This feature enhances security because it eliminates the need to send a visible password from the command line. The authorization file is created with the c-tree ctcmdset utility.
To use this utility, first create a plain text password file similar to the following (note for our example, we called this file password.cfg):
; User Id
USERID ADMIN
; User Password
PASSWD <pass>
Then execute ctcmdset to create a masked version of the password.cfg file, as shown:
./ctcmdset password.cfg
The output from the ctcmdset utility will be a file with a .set file extension, which would be password.set in our example.
To utilize this new masked password file with the various command line utilities, use a -1 switch:
ctadmn -1 password.set
When using this .set file and the -1 switch, you won’t need to provide the user ID or password to the various FairCom DB command-line utilities. The following utilities support this command-line parameter to prevent the password from being seen in the clear:
cmdset Support for the <instance> Element
The FairCom RTG <instance> element in ctree.conf specifies instance-wide configurations. Each instance represents a connection to the FairCom RTG server. The <instance> element supports an authfile attribute to specify an encrypted authorization file created with the ctcmdset utility. If both authfile and user are specified, authfile takes precedence.