define | create safe_password
Passwords can be used in different contexts in ActiveSpaces. Depending on the configuration of the security domains, token files, and user authentication requirements, there are different options. The define | create safe_password command allows you to create safe passwords for different situations.
Remarks
If you choose to encrypt identities in domain or token files, you must use one of the following commands:
- define | create security_policy ... encrypt true ... policy_file <string>
- define | create security_token ... create_identity ... encrypt true ... token_file <string>
When safe passwords are created to be used to decrypt identities, use create safe_password for identity .
If client authentication is to be enforced in the security policy for a given cluster, then joining requestor members must provide a valid credential before being able to use cluster resources. If the authentication scheme is userpwd (authentication=userpwd;...) then the user must normally provide a username and a password (and an additional domain value if using system source and windows authentication where accounts reside on a central/corporate server).
When safe passwords are created to be used in this context, use create safe_password for authentication.
For both of the above cases, the command produces encoded passwords, which can only be used for the purpose created. The password can then be applied in command lines, scripts, APIs and even at password prompts.
Example:
as-admin> create safe_password for identity Password: ... Verifying - Password: ... Safe password: #SAFE#e041rA3TWXxJmhiriab7wG1p+OQqDbxCI0dsrDhTcLdbM= ... > as-examples -security_policy policy.txt -listen tcp://localhost -role seeder -identity_password #SAFE#e041rA3TWXxJmhiriab7wG1p+OQqDbxCI0dsrDhTcLdbM= as-admin> create safe_password for authentication Password: ... Verifying - Password: ... Safe password: #SAFE#69+OgjeN0tWrlDkvpJQ6D/e81T3pUbLYhOoRH9dxKX/As=