Hi Joe,

Sorry – not exactly sure what you’re asking. Are you asking about what authentication types are supported within web services? Right now it’s WSSecurity Username Token 1.0 (Web Services that use Username Token 1.1 can be used, if they support 1.0 as well), as mentioned in the Integrating Guide.

Or are you asking about how passwords are stored within AR System itself (ignoring the web services comment)? If so, technically, passwords aren’t stored in AR System – only the hash. For user passwords, the Password field is encrypted into the database by using a one-way hash (SHA1) as mentioned in the Configuration Guide.

-David J. Easter
Manager of Product Management, AR System
BSM & Atrium Solutions Management
BMC Software, Inc.

The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc.

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Joe Martin D'Souza
Sent: Friday, June 01, 2012 7:27 PM
To: [email protected]
Subject: Re: bmc 7.6.04 sp3 main tool (encryption)

Just out of curiosity, in case I am playing with web services, and am tasked with a password reset web service, the data type passwords must be is a base-64. Is this the same standard that the ARS uses?

I am not tasked with this yet but if we really explore all possible options after getting basic web services working that we are attempting, I see this coming up somewhere in the future..

Joe

From: Easter, David <[email protected]>
Sent: Friday, June 01, 2012 6:10 PM
Newsgroups: public.remedy.arsystem.general
To: [email protected]
Subject: Re: bmc 7.6.04 sp3 main tool (encryption)

It’s not for passwords, no. It’s over-the-wire encryption of the API.

Performance is AES-128
Premium is AES-256

-David J. Easter

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of patrick zandi
Sent: Friday, June 01, 2012 10:51 AM
To: [email protected]
Subject: Re: bmc 7.6.04 sp3 main tool (encryption)

So the basic is the DES, then the paid for products take over correct? The Password is this correct?

So "Performance" aes-128 and "Premium" AES-256

Thanks Dave, you always come through..

On Fri, Jun 1, 2012 at 1:42 PM, Easter, David <[email protected]> wrote:

Encryption that meets FIPS 140-2 requirements is available once you’ve loaded the Performance (providing AES-128) or Premium (AES-256) Encryption add-on product.

-David J. Easter

From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of patrick zandi
Sent: Friday, June 01, 2012 10:39 AM
To: [email protected]
Subject: bmc 7.6.04 sp3 main tool (encryption)

While I do like it has an encryption tab, this is not FIPS 140-3 compliant, DES? is the only encryption.. This makes me nervous, as I thought the rest of the system was much higher..

Can I get an explanation of the simple encryption, and why?

DES\:b887ddcfd4ab1bb702f6f9470160bdf47239175230d82df74fea1558ca854bf6 <-- let's see how fast someone can crack this.

--
Patrick Zandi

