Symantec Privileged Access Management

Tech Tip - CA Privileged Identity Manager: How to change DB user password for session recording feature

    Posted Apr 26, 2016 04:46 PM

    CA Privileged Identity Manager Tech Tip by Diego Lombardia, Sr Support Engineer for April 26th.

     

     

    If you plan to change the password of the DB user that you are currently using for the session recording feature, you should:

      1) Change the DB user's password at SQL/Oracle.

      2) Encrypt the new password and define it in the CA ProxyManager config file.

     

    Step #1 should be straightforward and has to be done by the DBA. To complete step #2, open a CMD window and define the JAVA_HOME variable pointing to the JRE location:

     

      > set JAVA_HOME=C:\jdk1.8.0\

     

    After this, switch to C:\Program Files\CA\AccessControlServer\IAM Suite\Access Control\tools\PasswordTool and run pwdtools.bat as follows:

      > pwdtools.bat -FIPS -p "YourPlainTextPassword" -key C:\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\config\com\netegrity\config\keys\FIPSkey.dat

     

    Note that pwdtools.bat checks that JAVA_HOME is defined properly. If it finds an error, it displays a message and you will have to double-check the JAVA_HOME definition.

    If JAVA_HOME points to the correct location, pwdtools.bat runs and you should receive output similar to the following:

     

      Plain Text: YourPlainTextPassword

      Encrypted value: {AES}:+VY4CPKjBTsN6FDiYsId9w==

      ******************************************

     

    Then you should edit the C:\Program Files\CA\AccessControlServer\Services\ProxyManager\conf\database.properties file and set the user's password as listed below:

     

      recording_database_user_password={AES}:+VY4CPKjBTsN6FDiYsId9w==

     

    After the user's password has been changed at the database level and in the database.properties file, restart the CA ProxyManager service for the change to take effect.

     

     

    Hope this helps,

    Diego.
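
A check to run on database.properties after the edit described in the post and before restarting the service, added here as an example (it is not CA tooling or the author's code): it reports when recording_database_user_password is missing, duplicated, left in plain text, or pasted incompletely, without echoing the value. Assumptions: key=value lines and the `{AES}:` plus base64 format shown in the output above, ciphertext aligned to 16-byte AES blocks; the function name, sample contents and the recording_database_user key are hypothetical.

```python
import base64
import binascii

PROP = "recording_database_user_password"  # property name from the post
PREFIX = "{AES}:"                           # prefix shown in the pwdtools.bat output

# Constructed sample contents; recording_database_user is a hypothetical key.
ENCRYPTED = ("recording_database_user=recuser\n"
             "recording_database_user_password={AES}:+VY4CPKjBTsN6FDiYsId9w==\n")
PLAINTEXT = "recording_database_user_password=YourPlainTextPassword\n"
TRUNCATED = "recording_database_user_password={AES}:+VY4CPKjBTsN6FDiYsId9w\n"


def check_recording_password(properties_text):
    """Return findings for the password property; an empty list means it
    looks like pwdtools.bat output. The value itself is never echoed."""
    values = []
    for raw in properties_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":        # skip blanks and comments
            continue
        key, sep, value = line.partition("=")  # assumes key=value lines, as in the post
        if sep and key.strip() == PROP:
            values.append(value.strip())
    if not values:
        return [f"{PROP} is not set"]
    findings = []
    if len(values) > 1:
        findings.append(f"{PROP} is defined {len(values)} times")
    value = values[-1]
    if not value.startswith(PREFIX):
        findings.append("value has no {AES}: prefix (possible plain-text password)")
        return findings
    try:
        blob = base64.b64decode(value[len(PREFIX):], validate=True)
    except (binascii.Error, ValueError):
        findings.append("text after {AES}: is not valid base64 (truncated paste?)")
        return findings
    # Assumption: the ciphertext is a whole number of 16-byte AES blocks,
    # as the 16-byte sample value in the post is.
    if not blob or len(blob) % 16:
        findings.append("decoded value is not a multiple of 16 bytes")
    return findings


if __name__ == "__main__":
    for name, text in (("encrypted", ENCRYPTED), ("plaintext", PLAINTEXT),
                       ("truncated", TRUNCATED)):
        print(name, check_recording_password(text) or "OK")
```

Because pwdtools.bat takes the password on the command line and prints it back as "Plain Text", close or clear the CMD window once the encrypted value has been copied.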