Using encrypted user names and passwords

Configure OpenSwitch to use encrypted user names and passwords by using a text editor to modify the following parameters in the OpenSwitch configuration file:

If OpenSwitch is configured for user name and password encryption, all user names and passwords in the OpenSwitch configuration file as well as those in the coordination module must be encrypted. See “Manually editing configuration options”.

Steps: Encrypting user names and passwords in the configuration file

  1. Shut down OpenSwitch using rp_shutdown (see rp_shutdown).

  2. Restart OpenSwitch with the -E flag (see “Using command line options”).

  3. OpenSwitch prompts for each user name and password in the configuration file. Once all of the entries are made, OpenSwitch writes the encrypted user names and passwords to the console.

    You can use a file name as an optional argument with the -E flag so the encrypted user names and passwords are written to the specified file as well as the console. If an argument is not given, OpenSwitch writes the information only to the console. This is an example of the output:

    ADMIN_USER = encrypted username
    ADMIN_PASSWORD = encrypted password
    COORD_USER = encrypted username
    COORD_PASSWORD = encrypted password
    CMON_USER = encrypted username
    CMON_PASSWORD = encrypted password
    COMPANION_ADMIN_USER = encrypted username
    COMPANION_ADMIN_PASSWORD = encrypted password
    CMON_USER = encrypted username
    CMON_PASSWORD = encrypted password
    SERVER NAME = server name in plain text
    USERNAME_PASSWORD_ENCRYPTED = 1
    

    Note: In this example, two CMON_USER and CMON_PASSWORD entries display. The first entry applies to all the servers for which the user has not explicitly set the CMON_USER and CMON_PASSWORD. The second CMON_USER and CMON_PASSWORD was explicitly set by the user for a specific server.

  4. With a text editor, modify the configuration file to replace the non-encrypted values with the new encrypted values. Verify the USERNAME_PASSWORD_ENCRYPTED option is set to 1.

  5. Restart OpenSwitch.
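
One way to check the edit made in step 4 before the restart in step 5, as an added example (not OpenSwitch's own tooling): it assumes the -E output was also written to a file and that both files use KEY = value lines as in the sample output above. The function names and the sample strings are hypothetical, constructed placeholders.

```python
import re

# Credential options named in the -E output shown on this page.
CRED_KEYS = {f"{p}_{s}" for p in ("ADMIN", "COORD", "CMON", "COMPANION_ADMIN")
             for s in ("USER", "PASSWORD")}
LINE = re.compile(r"^\s*([A-Z_]+)\s*=\s*(.*?)\s*$")

# Constructed sample data: placeholder strings, not real OpenSwitch output.
SAMPLE_E_OUTPUT = """\
ADMIN_PASSWORD = ENC-placeholder-1
CMON_USER = ENC-placeholder-2
CMON_USER = ENC-placeholder-3
SERVER NAME = SERVER_A
USERNAME_PASSWORD_ENCRYPTED = 1
"""
SAMPLE_CONFIG = """\
ADMIN_PASSWORD = plaintext-placeholder
CMON_USER = ENC-placeholder-3
USERNAME_PASSWORD_ENCRYPTED = 0
"""

def parse(text):
    """Yield (line_number, key, value) for each KEY = value line."""
    for n, line in enumerate(text.splitlines(), 1):
        m = LINE.match(line)
        if m:
            yield n, m.group(1), m.group(2)

def audit(config_text, e_output_text):
    """Return findings; an empty list means the config matches the -E output."""
    # A key can repeat in the -E output (default and per-server CMON entries),
    # so keep a set of accepted values per key.
    accepted = {}
    for _, key, value in parse(e_output_text):
        if key in CRED_KEYS:
            accepted.setdefault(key, set()).add(value)
    findings, flag = [], None
    for n, key, value in parse(config_text):
        if key == "USERNAME_PASSWORD_ENCRYPTED":
            flag = value
        elif key in CRED_KEYS and value not in accepted.get(key, set()):
            # Report the location only, never the credential itself.
            findings.append(f"line {n}: {key} is not a value from the -E output")
    if flag != "1":
        findings.append("USERNAME_PASSWORD_ENCRYPTED is not set to 1")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, SAMPLE_E_OUTPUT)) or "OK")
```

Any finding means a credential line was missed in step 4 or the encryption option was left off; the findings name the line and option only, so they are safe to log.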

To encrypt a user name and password that are not in the OpenSwitch configuration file, such as ping_user and ping_password, which are in the cm1.c sample, start OpenSwitch with -pusername or -ppassword. See “Using command line options”. The encrypted string is displayed on the console; you can then cut and paste it to where it is needed.