Here you can specify the password of the user with property "User
name".
Normal value: Here you can enter
a user password directly. When you click OK, the password will be automatically
encrypted.
Encrypted value: If the password
has been encrypted using the Set encrypted variable script action, this
variable can be entered or selected in the Encrypted value field.
In an UMRA script, the passwords
are always stored encrypted. When an LDAP session is established however,
the password is automatically decrypted and there will be two possible
options:
Non-secure communication
(No SSL enctyption)- All communication with the LDAP Server and the UMRA
software is not encrypted. Authentication is accomplished using an account
name and the password which was encrypted in UMRA will be decrypted automatically
and sent as clear text. Although simple to implement, this option is not
recommended because of security reasons. The option can be used for testing
purposes.
Secure with SSL
(SSL Encryption flag set to "Yes": All communication
between the LDAP client, e.g. the UMRA software and the LDAP Server is
encrypted using the SSL standard. This option is recommended and secure.
All data is sent encrypted.
Generating your own key for encryption
and decryption
UMRA uses the same key for encrypton
and decryption which is automatically generated when you install the UMRA
service. For security reasons, you may decide to generate your own key,
in which case you must ensure that the key which is generated on the UMRA
Console side is identical to the one on the UMRA service side. Ho to do
this, is described in the following procedure.
Generating a key on the UMRA Service
side
1. In Windows,
select Start-->All Programs-->Administrative Tools-->Active Directory Users and Computers. Select the \Users folder.
Right-click
the UMRA Service (called UmraSvcAccount)
and select the command Reset Password.
Enter a new
password in the Reset Password dialog box and confirm your password. Note that you can only do this if you are currently
logged in with an administrator password.
Log
off by selecting Start-->Log
Off
Next, we need to log
on using the UMRA Service account and the password we have just entered
to create a new registry key.
Press
Ctrl-Alt-Delete
and enter the UMRA Service account (UMRASvcAccount) and password:
Start
the registry editor by selecting Start-->Run and entering "Regedit".
In
the Communication folder, create a new String value called
"Key"
and enter a password. This key and the password should
be exactlly the same on the
UMRA console side!!!
Log
off.
Generating a key on the
UMRA Console side
Log
in using an account with administrative rights. Repeat steps 6-8 as described
under Generating a key on the
UMRA Service side. The key has
now been succesfully changed.
