Using Named Passwords

DirXML 1.x provided the ability to store a single password securely, so that a driver could use that password without having it hard-coded in clear text in the driver policies.

Identity Manager allows you to store multiple passwords securely for a particular driver. This new functionality is referred to as Named Passwords. Each different password is accessed by a key, or name.

You can also use the Named Passwords feature to store other pieces of information securely, such as a username.

To use a named password in a driver policy, you refer to it by the name of the password, instead of using the actual password, and the DirXML engine sends the password to the driver. The method described in this section for storing and retrieving Named Passwords can be used with any driver without making changes to the driver shim.

NOTE: The sample configurations provided for the DirXML Driver for Lotus Notes include an example of using Named Passwords in this way. The Notes driver shim has also been customized to support other ways of using Named Passwords, and examples of those methods are also included. For more information, see the section on Named Passwords in the DirXML Driver for Lotus Notes Implementation Guide.


Configuring Named Passwords Using iManager

  1. In iManager, click DirXML Management > Overview. Search for the driver sets, or browse and select a container that holds the driver set.

    A graphical representation of the driver set appears.

  2. In the DirXML Overview, click the icon for the driver.

    A graphical representation of the driver configuration appears.

  3. In the DirXML Driver Overview, click the driver icon.

    The Modify Object page appears.

  4. On the Modify Object page on the DirXML tab, click Named Passwords.

    The Named Passwords page appears, listing the current Named Passwords for this driver. If you have not set up any Named Passwords, the list is empty.


    [Figure: Named Password tab displays the current list of Named Passwords for the driver]

  5. To add a Named Password, click Add, complete the fields, and click OK.

    A page appears that lets you specify the name, display name, and password.

    Keep in mind that you can use this feature to store other kinds of information securely, such as a username.


    [Figure: Named Password input page lets you provide a name and a display name, and enter the password]

  6. To remove a Named Password, click Remove.

    The password is removed without prompting you to confirm the action.


Configuring Named Passwords Using the DirXML Command Line Utility


Creating a Named Password in the DirXML Command Line Utility

  1. Run the DirXML Command Line Utility.

    For information, see Using the DirXML Command Line Utility.

  2. Enter your user name and password.

    The following list of options appears.

    DirXML commands
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
    99: Quit
    Enter choice:

  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to add a Named Password to.

    The following list of options appears.

    Select a driver operation for:
    driver_name
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
     9: Check object password
    10: Initialize new driver object
    11: Passwords operations
    12: Cache operations
    99: Exit
    Enter choice:

  5. Enter 11 for password operations.

    The following list of options appears.

    Select a password operation
     1: Set shim password
     2: Reset shim password
     3: Set named password
     4: Clear named password(s)
     5: List named passwords
    99: Exit
    Enter choice:

  6. Enter 3 to set a new Named Password.

    The following prompt appears:

    Enter password name:
  7. Enter the name by which you want to refer to the Named Password.

  8. Enter the actual password that you want to secure, at the following prompt that appears:

    Enter password:

    The characters you type for the password are not displayed.

  9. Confirm the password by entering it again, at the following prompt that appears:

    Confirm password:
  10. After you enter and confirm the password, you are returned to the password operations menu.

After completing this procedure, you can use the 99 option twice to exit the menu and quit the DXCommand utility.


Removing a Named Password in the DirXML Command Line Utility

This option is useful if you no longer need Named Passwords you previously created.

  1. Run the DirXML Command Line Utility.

    For information, see Using the DirXML Command Line Utility.

  2. Enter your user name and password.

    The following list of options appears.

    DirXML commands
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
    99: Quit
    Enter choice:

  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to remove Named Passwords from.

    The following list of options appears.

    Select a driver operation for:
    driver_name
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
     9: Check object password
    10: Initialize new driver object
    11: Passwords operations
    12: Cache operations
    99: Exit
    Enter choice:

  5. Enter 11 for password operations.

    The following list of options appears.

    Select a password operation
     1: Set shim password
     2: Reset shim password
     3: Set named password
     4: Clear named password(s)
     5: List named passwords
    99: Exit
    Enter choice:

  6. (Optional) Enter 5 to see the list of existing Named Passwords.

    The list of existing Named Passwords is displayed.

    This step can help you make sure you are removing the correct password.

  7. Enter 4 to remove one or more Named Passwords.

  8. Enter No to remove a single Named Password, at the following prompt that appears:

    Do you want to clear all named passwords? (yes/no):
  9. Enter the name of the Named Password you want to remove, at the following prompt that appears:

    Enter password name:

    After you enter the name of the Named Password you want to remove, you are returned to the password operations menu:

    Select a password operation
     1: Set shim password
     2: Reset shim password
     3: Set named password
     4: Clear named password(s)
     5: List named passwords
    99: Exit
    Enter choice:

  10. (Optional) Enter 5 to see the list of existing Named Passwords.

    The list of existing Named Passwords is displayed.

    This step lets you verify that you have removed the correct password.

After completing this procedure, you can use the 99 option twice to exit the menu and quit the DXCommand utility.


Using Named Passwords in Driver Policies

The following example shows how a named password can be referenced in a driver policy on the Subscriber channel in XSLT:

<xsl:value-of select="query:getNamedPassword($srcQueryProcessor,'mynamedpassword')"
xmlns:query="http://www.novell.com/java/com.novell.nds.dirxml.driver.XdsQueryProcessor"/>
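
Because a Named Password is removed without a confirmation prompt, it helps to check which names the driver policies still reference before and after clearing one. The following is an added example, not part of the original documentation or of Identity Manager: it scans a policy stylesheet for getNamedPassword calls, compares them with the names stored on the driver, and counts literal password values left in clear text. The sample policy, the names 'smtpadmin' and 'oldkey', and the class name 'Mailbox' are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Matches getNamedPassword($anyQueryProcessor,'key') inside an XPath expression.
CALL = re.compile(r"""getNamedPassword\(\s*\$[\w.-]+\s*,\s*(['"])(.+?)\1\s*\)""")

# Constructed sample policy; 'smtpadmin' and the literal password are made up.
SAMPLE_POLICY = """\
<xsl:stylesheet version="1.0"
    xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
    xmlns:query="http://www.novell.com/java/com.novell.nds.dirxml.driver.XdsQueryProcessor">
  <xsl:param name="srcQueryProcessor"/>
  <xsl:template match="add[@class-name='User']">
    <password>
      <xsl:value-of select="query:getNamedPassword($srcQueryProcessor,'mynamedpassword')"/>
    </password>
  </xsl:template>
  <xsl:template match="add[@class-name='Mailbox']">
    <xsl:variable name="pw" select="query:getNamedPassword($srcQueryProcessor,'smtpadmin')"/>
    <password>Constructed-Literal-1</password>
  </xsl:template>
</xsl:stylesheet>"""


def referenced_names(stylesheet_xml):
    """Named Password keys that the policy asks the engine to resolve."""
    names = set()
    for elem in ET.fromstring(stylesheet_xml).iter():
        for value in elem.attrib.values():  # select="..." and attribute value templates
            names.update(m.group(2) for m in CALL.finditer(value))
    return names


def hardcoded_password_count(stylesheet_xml):
    """Count literal <password> result elements that carry clear text."""
    root = ET.fromstring(stylesheet_xml)
    return sum(1 for e in root.iter("password") if e.text and e.text.strip())


def audit(stylesheet_xml, configured):
    """Compare policy references with the names stored on the driver."""
    used = referenced_names(stylesheet_xml)
    return {
        "missing": sorted(used - set(configured)),  # referenced but not stored
        "unused": sorted(set(configured) - used),   # stored but never referenced
        "hardcoded": hardcoded_password_count(stylesheet_xml),
    }


if __name__ == "__main__":
    # Names as reported by "5: List named passwords" (constructed list).
    print(audit(SAMPLE_POLICY, ["mynamedpassword", "oldkey"]))
```

A name under "missing" means a policy will request a password the driver no longer stores; a name under "unused" is a stored secret that can be cleared.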