Handling passwords
To help you avoid sending your server login password in clear text across the network, we provide the clcserverkeystore
tool. This enables you to convert your password to a token, which is stored and can be interpreted by the CLC Server Command Line Tools when logging onto the server. The token is encrypted and saved with the user profile on the computer running the CLC Server Command Line Tools.
You can generate a password token using the following command:
clcserverkeystore --generateYou will be prompted for the password. After you have typed the password, press the Enter key. The password token is then returned on screen. It will be a long string of text that you should save somewhere to refer to for future use.
So, if we say that user bob
has password secret
, and has generated a password token
CAIHMAAAAAAAAAPcb769377f4
, then he could enter either of the following two commands to connect to his server. The first passes the password in plain text. The second, passes it as an encrypted token.
clcserver -S server.com -U bob -W secret
clcserver -S server.com -U bob -W CAIHMAAAAAAAAAPcb769377f4
If the token needs to be deleted, the clcserverkeystore
program has two other parameters that can be used:
- -d <token>
- This will delete the individual token provided as a parameter.
- deleteAll
-
This will delete all the tokens in the user profile.
The first section of the diagram below illustrates the process of logging into the server using a clear text password. The second section illustrates the process of generating a password token and storing it in the keystore, followed by a section showing how the token is substituted by the CLC Server Command Line Tools with the real password when initiating the connection to the server.
------------------------------------------------------------------------------------- Direct password invocation ------------------------------------------------------------------------------------- host = server.com +------------+ user = bob +------------------+ port = 7777 | Command | password = secret | | user = bob ---------> | Line | ----------------> | server.com:7777 | password = secret | Tool | | | +------------+ +------------------+ ------------------------------------------------------------------------------------- Password token generation ------------------------------------------------------------------------------------- +-----------+ generate ---------> | | password = secret | Command | | Line | | Tool | \ *** password key *** <--------- | | \ CAIHMAAAAAAAAAPcb769377f4 | | +----------+ ******************** +-----------+ | KeyStore | +----------+ ------------------------------------------------------------------------------------- Password token invocation ------------------------------------------------------------------------------------- host = server.com port = 7777 user = bob +------------+ password = | Command | user = bob +------------------+ CAIHMAAAAAAAAAPcb7 | Line | password = secret | | 69377f4 ------------> | Tool | ----------------> | server.com:7777 | +------------+ | | \ +------------------+ \ +----------+ | KeyStore | +----------+