The dbpasswd utility may be used to create protected database password
files and/or to change user database passwords. This provides a convenient
and secure option to change database user passwords and avoid using clear
text passwords.

Database password files may be used to authenticate with the database
server (for example, using the EQ_DBUSER environment variable).

The dbpasswd utility adds the option to use protected password files
and to impose additional restrictions on their use, such as expiration
period, operating system user or host system.

usage: dbpasswd [options] [user]
options:
  -help          - show usage (this list)
  -f fname       - create password file
  -r opt[,...]   - restrict password file (comma separated list)
                   user[=name]   - restrict to OS user
                   exp[=#[dhms]] - specify expiration period
                   ino           - restrict copying password file
                   sys           - restrict to current system
  -c             - change database user password
  -v             - verify password against database server
  -t fname       - test password file
  -h host        - host name or address (and service)
  -s service     - service name or port number
  -d flags       - debug flags
  -P             - use stdin to read password

The dbpasswd utility may be used to change the database password,
verify the database password and/or create a password file.
At least one of the options -f, -c, -v or -t must be present to select
the dbpasswd function.

The option -c changes the database password. The old and new passwords
must be entered interactively.

The option -v may be used to verify the user password against the
database server. This is useful to ensure the password file is valid.
The option -v is implied when changing a password.

If the option -c or -v is present, dbpasswd connects to the database
server. The -h and/or -s options may be used to specify the database
server host and service. When they are not present, the default is used
(the EQ_DBSERVER environment variable may be used to specify the default).

The option -f creates a protected password file.
The database password is stored in encrypted form along with optional
restrictions on the use of the password file.

The option -r may be used to specify a comma separated list of password
file restrictions.
Any restrictions are verified when the password is used to connect to the
database server. This functionality is implemented in the database client
library and works across all Eloquence utilities and applications.

The option -t may be used to verify a password file.

The option -P enables dbpasswd to read the user password from stdin. It is
intended to allow using a subset of dbpasswd functionality in scripting.
The option -P may not be used when changing the database password.

The example below shows the use of dbpasswd to change the database
password. The user name "fred" is entered interactively as it is not
present on the command line.

  $ dbpasswd -c
  Database user name (return for fred):
  fred
  Enter password for fred:
  Enter new password:
  Confirm new password:
  Password verified successfully.
  dbpasswd: Password successfully updated.

The example below shows the use of dbpasswd to create a password file.

  $ dbpasswd -f $HOME/.dbpasswd -r exp=1h,user -v $USER
  Enter password for fred:
  Password verified successfully.
  NOTE: Password file will expire at 2014-08-04 19:05:15

This creates the password file .dbpasswd in the user home directory.
The password file expires after one hour and is limited to the
current OS user.

The example below demonstrates the use of a password file with the dbinfo
utility to authorize database access.

  $ export EQ_DBUSER=file:$HOME/.dbpasswd
  $ dbinfo sample

  $ dbinfo -u file:$HOME/.dbpasswd sample

Both examples are equivalent and have the same effect. The second example
specifies the password file directly while the first example uses the
EQ_DBUSER variable to specify the default database credentials.

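For scripted use with -P, the wrapper below checks a -r list against a local
policy before the password file is created: the list must contain a user
restriction and an explicit exp period of at most 8 hours. This is an added
example, not part of the Eloquence documentation or distribution. The function
names, the 8-hour limit, the required explicit unit, the umask, and the
combination of -P with -f and -v are assumptions.

```shell
#!/bin/sh
# Added example, not Eloquence code. Function names and policy values are
# assumptions chosen for illustration.

# exp_seconds SPEC: convert "<number><d|h|m|s>" to seconds. An explicit unit
# and a non-zero number are required so the result never depends on a default.
exp_seconds() {
    n=${1%[dhms]}
    u=${1#"$n"}
    case $n in ''|0*|*[!0-9]*) return 1 ;; esac
    case $u in
        d) echo "$((n * 86400))" ;;
        h) echo "$((n * 3600))" ;;
        m) echo "$((n * 60))" ;;
        s) echo "$n" ;;
        *) return 1 ;;
    esac
}

# check_restrictions LIST MAXSEC: succeed only if LIST (the -r argument) names
# known restrictions, includes "user", and expires within MAXSEC seconds.
# The body is a subshell, so the IFS and globbing changes stay local.
check_restrictions() (
    IFS=,; set -f
    has_user=0 secs=
    for opt in $1; do
        case $opt in
            user|user=?*) has_user=1 ;;
            exp=*) secs=$(exp_seconds "${opt#exp=}") || exit 1 ;;
            exp|ino|sys) ;;  # valid, but a bare "exp" gives no explicit period
            *) exit 1 ;;     # not a restriction listed in the usage text
        esac
    done
    [ "$has_user" -eq 1 ] && [ -n "$secs" ] && [ "$secs" -le "$2" ]
)

# make_pwfile FILE LIST DBUSER: read the password from stdin (-P), create the
# file with a restrictive umask, then test it with -t. Limit assumed: 8 hours.
make_pwfile() {
    check_restrictions "$2" 28800 || { echo "rejected -r list: $2" >&2; return 2; }
    ( umask 077 && dbpasswd -P -f "$1" -r "$2" -v "$3" ) || return 1
    dbpasswd -t "$1"
}
```

The script feeds the password on stdin from its own secret source, so it
never appears on the command line or in the process list.
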
dbpasswd utility and protected password files (B.08.20 release notes)