.
contact contact


dbpasswd utility

» Usage | Examples | See also
 
.
  The dbpasswd utility may be used to create protected database password files and/or to change user database passwords. This provides a convenient and secure option to change database user passwords and avoid using clear text passwords.

Database password files may be used to authenticate with the database server (for example, using the EQ_DBUSER environment variable). The dbpasswd utility adds the option to use protected password files and to impose additional restrictions on their use, such as expiration period, operating system user or host system.

Usage

usage: dbpasswd [options] [user]

options:
 -help         - show usage (this list)
 -f fname      - create password file
 -r opt[,...]  - restrict password file (comma separated list)
                  user[=name]    - restrict to OS user
                  exp[=#[dhms]]  - specify expiration period
                  ino            - restrict copying password file
                  sys            - restrict to current system
 -c            - change database user password
 -v            - verify password against database server
 -t fname      - test password file
 -h host       - host name or address (and service)
 -s service    - service name or port number
 -d flags      - debug flags
 -P            - use stdin to read password
The dbpasswd utility may be used to change the database password, verify the database password and/or create a password file. An option -f, -c, -v or -t must be present to specify the dbpasswd function.

The option -c specifies to change the database password. The old and new passwords must be entered interactively.

The option -v may be used to verify the user password against the database server. This is useful to ensure the password file is valid. The option -v is implied when changing a password.

If the option -c or -v is present, the database server is connected. The -h and/or -s options may be used to specify the database server host and service. When not present the default is used (the EQ_DBSERVER environment variable may be used to specify the default).

The option -f specifies to create a protected password file. The database password is stored in encrypted form along with optional restrictions on the use of the password file.

The option -r may be used to specify a comma separated list of password file restrictions.

  • The restriction "user" limits use of the password file to the current OS user.

  • The restriction "user=name" restricts use of the password file to the named OS user.

  • The restriction "exp" specifies a default expiration period of 24 hours.

  • The restriction "exp=NX" specifies the expiration period where N indicates a numeric value and X the optional unit. The following units are supported:

    • "d" ("days") - 24 hours, 86400 seconds
    • "h" ("hours") - hours, 3600 seconds
    • "m" ("minutes") - minutes, 60 seconds
    • "s" ("seconds") - seconds

    For example, "exp=24h" specifies the password file to expire in 24 hours.

  • The restriction "ino" specifies the password file may not be copied (this option is not available on Windows). When using the "ino" restriction please keep in mind this will also invalidate any password file restored from a backup. When restoring a backup the password file must be re-created.

  • The restriction "sys" limits use of the password file to the current system. When using the "sys" restriction please keep in mind this will invalidate any password files restored from a backup to a different system. When restoring a backup to a different system the password file must be re-created.
Any restrictions are verified when the password is used to connect to the database server. This functionality is implemented in the database client library and works across all Eloquence utilities and applications. The option -t may be used to verify a password file.

The option -P enables dbpasswd to read the user password from stdin. It is intended to allow using a subset of dbpasswd functionality in scripting. The option -P may not be used when changing the database password.

Examples

The example below shows the use of dbpasswd to change the database password. The user name "fred" is entered interactively as it is not present on the command line.
$ dbpasswd -c 
Database user name (return for fred):
fred
Enter password for fred:
Enter new password:
Confirm new password:
Password verified successfully.
dbpasswd: Password successfully updated.
The example below shows the use of dbpasswd to create a password file.
$ dbpasswd -f $HOME/.dbpasswd -r exp=1h,user -v $USER
Enter password for fred:
Password verified successfully.
NOTE: Password file will expire at 2014-08-04 19:05:15
This creates the password file .dbpasswd in the user home directory. The password file expires after one hour and is limited to the current OS user.

The example below demonstrates the use of a password file with the dbinfo utility to authorize the database access.

$ export EQ_DBUSER=file:$HOME/.dbpasswd
$ dbinfo sample
  
$ dbinfo -u file:$HOME/.dbpasswd sample
Both examples are equivalent and have the same effect. The second example specifies the password file directly while the first example uses the EQ_DBUSER variable to specify the default database credentials.

See also

dbpasswd utility and protected password files (B.08.20 release notes)


 
 
.
 
 
  Privacy | Webmaster | Terms of use | Impressum Revision:  2014-08-04  
  Copyright © 2012-2014 Marxmeier Software AG