7.7 Storing Driver Passwords Securely with Named Passwords

Identity Manager allows you to store multiple passwords securely for a particular driver. This functionality is referred to as Named Passwords. Each different password is accessed by a key, or name.

You can also use the Named Passwords feature to store other pieces of information securely, such as a user name.

To use a named password in a driver policy, you refer to it by the name of the password, instead of using the actual password, and the Metadirectory engine sends the password to the driver. The method described in this section for storing and retrieving named passwords can be used with any driver without making changes to the driver shim.

7.7.1 Using Designer to Configure Named Passwords

  1. Right-click the Driver object, then select Properties.

  2. Select Named Password, then click New.

    Named passwords fields
  3. Specify the Name of the named password.

  4. Specify the Display name of the named password.

  5. Specify the named password, then re-enter the password.

  6. Click OK twice.

7.7.2 Using iManager to Configure Named Passwords

  1. Click Identity Manager > Identity Manager Overview.

  2. Click Search to search for the driver set that is associated with the driver.

  3. In the Identity Manager Overview, click the upper right corner of the driver icon, then click Edit properties.

  4. On the Modify Object page on the Identity Manager tab, click Named Passwords.

    The Named Passwords page appears, listing the current named passwords for this driver. If you have not set up any named passwords, the list is empty.

    Named passwords
  5. To add a named password, click Add, complete the fields, then click OK.

    Create named password
  6. Specify a name, display name, and a password, then click OK twice.

    You can use this feature to store other kinds of information securely, such as a username.

  7. Click OK to restart the driver and have the changes take effect.

To remove a Named Password, select the password name, then click Remove. The password is removed without prompting you to confirm the action.

7.7.3 Using Named Passwords in Driver Policies

Making a Call to a Named Password

  1. In Designer, launch Policy Builder, right-click, then click New > Rule.

  2. Specify the name of the rule, then click Next.

  3. Select the condition structure, then click Next.

  4. Select named password for the Condition.

  5. Browse to and select the named password that is stored on the driver.

    In this example, the named password is userinfo.

  6. Select whether the Operator is available or not available.

  7. Select an action for the Do field.

    In this example, the action is veto.

The example indicates that if the userinfo named password is not available, then the event is vetoed.

Figure 7-1 A Policy Using Named Passwords

Referencing a Named Password

The following example shows how a named password can be referenced in a driver policy on the Subscriber channel in XSLT:

<xsl:value-of select=”query:getNamedPassword($srcQueryProcessor,'mynamedpassword')”
xmlns:query=”http://www.novell.com/java/com.novell.nds.dirxml.driver.XdsQueryProcessor/>

7.7.4 Using the DirXML Command Line Utility to Configure Named Passwords

Creating a Named Password in the DirXML Command Line Utility

  1. Run the DirXML Command Line utility.

    For information, see Section A.0, The DirXML Command Line Utility.

  2. Enter your username and password.

    The following list of options appears.

    DirXML commands
    
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
    
     7: Job operations...
    99: Quit
    
    Enter choice:
    
  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to add a named password to.

    The following list of options appears.

    Select a driver operation for:
    driver_name
    
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
    
     9: Submit XDS event document to driver
    
    10: Queue event for driver
    11: Check object password
    12: Initialize new driver object
    13: Passwords operations
    14: Cache operations
    99: Exit
    
    Enter choice:
    
  5. Enter 13 for password operations.

    The following list of options appears.

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
    
     3: Set Remote Loader password
    
     4: Clear Remote Loader password
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
    
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  6. Enter 5 to set a new named password.

    The following prompt appears:

    Enter password name:
    
  7. Enter the name by which you want to refer to the named password.

  8. Enter the actual password that you want to secure at the following prompt:

    Enter password:
    

    The characters you type for the password are not displayed.

  9. Confirm the password by entering it again at the following prompt:

    Confirm password:
    
  10. After you enter and confirm the password, you are returned to the password operations menu.

  11. After completing this procedure, use the 99 option twice to exit the menu and quit the DirXML Command Line Utility.

Removing a Named Password by Using the DirXML Command Line Utility

This option is useful if you no longer need named passwords that you previously created.

  1. Run the DirXML Command Line utility.

    For information, see Section A.0, The DirXML Command Line Utility.

  2. Enter your username and password.

    The following list of options appears.

    DirXML commands
    
     1: Start driver
     2: Stop driver
     3: Driver operations...
     4: Driver set operations...
     5: Log events operations...
     6: Get DirXML version
    
     7: Job operations
    99: Quit
    
    Enter choice:
    
  3. Enter 3 for driver operations.

    A numbered list of drivers appears.

  4. Enter the number for the driver you want to remove named passwords from.

    The following list of options appears.

    Select a driver operation for:
    driver_name
    
     1: Start driver
     2: Stop driver
     3: Get driver state
     4: Get driver start option
     5: Set driver start option
     6: Resync driver
     7: Migrate from application into DirXML
     8: Submit XDS command document to driver
    
     9: Submit XDS event document to driver
    
    10: Queue event for driver
    11: Check object password
    12: Initialize new driver object
    13: Passwords operations
    14: Cache operations
    99: Exit
    
    Enter choice:
    
  5. Enter 13 for password operations.

    The following list of options appears.

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
    
     3: Set Remote Loader password
    
     4: Clear Remote Loader passwor
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
    
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  6. (Optional) Enter 7 to see the list of existing named passwords.

    The list of existing named passwords is displayed.

    This step can help you make sure you are removing the correct password.

  7. Enter 6 to remove one or more named passwords.

  8. Enter No to remove a single named password at the following prompt:

    Do you want to clear all named passwords? (yes/no):
    
  9. Enter the name of the named password you want to remove at the following prompt:

    Enter password name:
    

    After you enter the name of the named password you want to remove, you are returned to the password operations menu:

    Select a password operation
    
     1: Set shim password
     2: Reset shim password
    
     3: Set Remote Loader password
    
     4: Clear Remote Loader password
     5: Set named password
     6: Clear named password(s)
     7: List named passwords
    
     8: Get passwords state
    99: Exit
    
    Enter choice:
    
  10. (Optional) Enter 7 to see the list of existing named passwords.

    This step lets you verify that you have removed the correct password.

  11. After completing this procedure, use the 99 option twice to exit the menu and quit the DirXML Command Line utility.