Example: Using tdspasswd-reencrypt with No Options
The utility uses the LDAP service password in the MechanismProperties section, as shown below.
<Mechanism Name="ldap">
<MechanismProperties
. . .
UseLdapConfig="no"
LdapServicePasswordProtected="yes"
LdapServicePassword="non-fips-encrypted-password"
/>
tdspasswd-reencrypt Call with No Options
# tdspasswd-reencrypt
tdspasswd-reencrypt Output When Not Using Options
tdgss_configure warning:
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.
re-encrypted-fips-compliant-password
Example: Using tdspasswd-reencrypt with Service
The utility uses the LDAP service password in the Services section, as shown below.
<LdapConfig>
<Services>
<Service
Id="reencrypt-service"
. . .
LdapServicePasswordProtected="yes"
LdapServicePassword="non-fips-encrypted-password" />
</Services>
</LdapConfig>
tdspasswd-reencrypt Call Using Service
# tdspasswd-reencrypt -s reencrypt-service
tdspasswd-reencrypt Output When Using Service
tdgss_configure warning:
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.
re-encrypted-fips-compliant-password
Example: tdspasswd-reencrypt Call for Information
# tdspasswd-reencrypt -?
tdspasswd-reencrypt Output with Explanation
tdspasswd-reencrypt -- Generates a FIPS-compliant encrypted LDAP password using the existing non-FIPS-compliant encrypted password stored in the LdapServicePassword LDAP property from configuration.

Notes:
- The LdapServicePassword value in the configuration file must be present and be a non-FIPS-compliant encrypted.
- The LdapServicePasswordProtected value in the configuration file must be set to "TRUE", indicating that the LdapServicePassword value is encrypted.
- The user must update the configuration with the new password and issue "run_tdgssconfig" for it to take effect. A TPA reset is not required.

Usage: tdspasswd-reencrypt [options]

Where the optional [options] is one of:
-s <service>: The service from which the LdapServicePassword value is to be used.

Ex:
tdspasswd-reencrypt
tdspasswd-reencrypt -s <service_name>
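The preconditions in the Notes above can be checked against the configuration before the utility is run. The following is an added example, not code from the product or its documentation: it lists each location that holds an LdapServicePassword, the matching tdspasswd-reencrypt call, and any unmet precondition. The function names, the wrapping Root element, the sample values, and the choice to accept both "yes" (as in the configuration excerpts) and "TRUE" (as in the help text) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element and attribute names follow the excerpts on this
# page; the values and the wrapping <Root> element are made up for the example.
SAMPLE = """<Root>
  <Mechanism Name="ldap">
    <MechanismProperties UseLdapConfig="no"
        LdapServicePasswordProtected="yes"
        LdapServicePassword="non-fips-encrypted-password"/>
  </Mechanism>
  <LdapConfig>
    <Services>
      <Service Id="reencrypt-service"
          LdapServicePasswordProtected="yes"
          LdapServicePassword="non-fips-encrypted-password"/>
      <Service Id="plain-service" LdapServicePasswordProtected="no"
          LdapServicePassword="constructed-unprotected-value"/>
      <Service Id="no-password-service"/>
    </Services>
  </LdapConfig>
</Root>"""

PROTECTED_TRUE = {"yes", "true"}  # assumption: either spelling, any case

def check(elem):
    """Return the unmet preconditions from the utility's Notes for one element."""
    problems = []
    if not elem.get("LdapServicePassword"):
        problems.append("LdapServicePassword missing")
    if elem.get("LdapServicePasswordProtected", "").lower() not in PROTECTED_TRUE:
        problems.append("LdapServicePasswordProtected not set")
    return problems

def plan(xml_text):
    """Map each tdspasswd-reencrypt call to the problems found at its source."""
    root = ET.fromstring(xml_text)
    result = {}
    for mech in root.iter("Mechanism"):
        if mech.get("Name") == "ldap":
            for props in mech.iter("MechanismProperties"):
                result["tdspasswd-reencrypt"] = check(props)
    for svc in root.iter("Service"):
        result["tdspasswd-reencrypt -s " + svc.get("Id", "?")] = check(svc)
    return result

if __name__ == "__main__":
    # Password values are never printed, only the call and its status.
    for cmd, problems in plan(SAMPLE).items():
        print(cmd, "->", "ready" if not problems else "; ".join(problems))
```

The check cannot tell whether a stored value is already FIPS-compliant; it only confirms that a protected password is present where the utility will look for it.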