What I meant is the password attributes data type.. for e.g. if I need to modify the password on OIM I see the password attribute on OIM when mapping the fields on the web service as complexType: multiValuedBinary...
See attached.. Joe From: Easter, David Sent: Monday, June 04, 2012 12:56 PM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: bmc 7.6.04 sp3 main tool (encryption) ** Hi Joe, Sorry – not exactly sure what you’re asking. Are you asking about what authentication types are supported within web services? Right now it’s WSSecurity Username Token 1.0. (Web Services that use Username Token 1.1 can be used, if they support 1.0 as well.) as mentioned in the Integrating Guide. Or are you asking about how passwords are stored within AR System itself (ignoring the web services comment)? If so, technically, passwords aren’t stored in AR System – only the hash. For user passwords, the Password field is encrypted into the database by using a one-way hash (SHA1) as mentioned in the Configuration Guide. -David J. Easter Manager of Product Management, AR System BSM & Atrium Solutions Management BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of Joe Martin D'Souza Sent: Friday, June 01, 2012 7:27 PM To: [email protected] Subject: Re: bmc 7.6.04 sp3 main tool (encryption) ** Just out of curiosity, in case I am playing with web services, and am tasked with a password reset web service, the data type passwords must be is a base-64. Is this the same standard that the ARS uses? I am not tasked with this yet but if we really explore all possible options after getting basic web services working that we are attempting, I see this coming up somewhere in the future.. Joe From: Easter, David Sent: Friday, June 01, 2012 6:10 PM Newsgroups: public.remedy.arsystem.general To: [email protected] Subject: Re: bmc 7.6.04 sp3 main tool (encryption) ** It’s not for passwords, no. It’s over-the-wire encryption of the API. Performance is AES-128 Premium is AES-256 -David J. Easter Manager of Product Management, AR System BSM & Atrium Solutions Management BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of patrick zandi Sent: Friday, June 01, 2012 10:51 AM To: [email protected] Subject: Re: bmc 7.6.04 sp3 main tool (encryption) ** So the basic is the DES, then the paid for products take over correct? The Password is this correct? So "Performance" aes-128 and "Premium" AES-256 Thanks Dave, you always come through.. On Fri, Jun 1, 2012 at 1:42 PM, Easter, David <[email protected]> wrote: ** Encryption that meets FIPS 140-2 requirements is available once you’ve loaded the Performance (providing AES-128) or Premium (AES-256) Encryption add-on product. -David J. Easter Manager of Product Management, AR System BSM & Atrium Solutions Management BMC Software, Inc. The opinions, statements, and/or suggested courses of action expressed in this E-mail do not necessarily reflect those of BMC Software, Inc. My voluntary participation in this forum is not intended to convey a role as a spokesperson, liaison or public relations representative for BMC Software, Inc. From: Action Request System discussion list(ARSList) [mailto:[email protected]] On Behalf Of patrick zandi Sent: Friday, June 01, 2012 10:39 AM To: [email protected] Subject: bmc 7.6.04 sp3 main tool (encryption) ** While I do like it has an encryption tab, this is not FIPS 140-3 compliant , DES? is the only encryption.. This makes me nervous, as I thought the rest of the system was much higher.. Can I get an explanation of the simple encryption, and why? DES\:b887ddcfd4ab1bb702f6f9470160bdf47239175230d82df74fea1558ca854bf6 <-- lets see how fast someone can crack this. -- Patrick Zandi _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _attend WWRUG12 www.wwrug.com ARSlist: "Where the Answers Are"_ _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org attend wwrug12 www.wwrug12.com ARSList: "Where the Answers Are"
<<attachment: password.png>>
