Summary:
How to encrypt the Database Administrator Password in the Sm.registry file without using the Policy Server Management Console (SmConsole) in Unix based systems.
Background:
The Policy server management is GUI based utility and will need X11 forwarding to be able to work with it in Unix systems.
Most of the configuration available in SmConsole can also be performed directly by modifying the Sm.registry file located at <PolicyServer_Install_Directory>/registry directory.
However, the challenge is when we need to modify an encrypted value like Database Administrator password or Policy store Administrator password etc without using the SmConsole.
Environment:
Policy Server : R12.5+,
OS : Unix
Instructions:
An workaround for this use case, is to use the “smldapsetup” utility bundled with the Policy server as follows:
smldapsetup reg -hldapserver.mycompany.com -d”LDAP User” -wMyPassword123 -ro=security.com
Where, “MyPassword123” needs to be replaced with the actual password that you would like to encrypt.
Note : Running the above command modifies the LDAP Policy store connection details, so if you are using LDAP Policy store, do NOT use this workaround.
Then, copy the value of the encrypted password from the following registry key to the relevant section in the Sm.registry file:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\LdapPolicyStore\AdminPW
For e.g for the Database Administrator password for “Policy store” , you will need to copy the encrypted password value to the key :
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Netegrity\SiteMinder\CurrentVersion\Database\Default\Password
Additional Information:
Enhancement Request for command line option for SmConsole : https://communities.ca.com/ideas/235732441