Version 9.7
 —  LoginModules Guide  —

Creating Technical User Credential Files

Software AG Security Infrastructure provides a tool (createTechUserCreds.exe and createTechUserCreds) with which you can create technical user credential files. At a later stage, you use these files with the SSXLoginModule and thus search for and discover LDAP users securely on LDAP servers that do not support anonymous requests. By default, the tool is available in the following directory on the file system: C:/Software AG_directory/common/security/ssx_32(64)/bin/. To start the createTechUserCreds tool, you can use a command prompt. When you start the tool, you enter a user name and a password which are then encrypted and provided in the result text file.

Optionally, you can specify and use a key file to encrypt the technical user content in the result. A key file is an alternative file that is used for encryption of the result. The file encloses a string of 64 hexadecimal ASCII characters (digits 0-9, and lower case letters a-f). The initial 32 characters denote the alternate AES key and the final 32 characters denote the initialization vector.

Note:
To use this tool, the SSX libraries must be in the library path of the system environment settings (the exact name of the property is different for the different operating systems). SSX libraries are located in the bin directory on Windows and in lib directory on UNIX based operating systems.

Start of instruction setTo create a technical user credentials file

  1. Using the command prompt, open the following directory: Software AG_directory\ common\runtime\security\bin

    You cannot start the tool from a different location on the file system.

  2. Depending on the operating system, start the tool using one of the following commands:

    When you execute the tool without specifying an argument for the result file name, it still creates a text file with the corresponding technical user credentials. The file is created in the same directory in which you started the tool and has a predefined default name (techuser). To customize the invocation of the tool in the means of invocation parameters, you can use a set of pre-defined optional arguments. The available arguments and the corresponding descriptions are as follows:

    Argument Description
    -f

    Provide a name for the result text file which contains the technical user credentials. If you do not use this argument the tool creates a default result file.

    -k

    Provide an alternative key file to encrypt the result text file that contains the technical user credentials.

    user ID

    Provide full DN of the technical user or user name.

  3. Press Enter and then provide the password.

Example

createTechUserCreds.exe –f <result file name> -k <keystore file name> <user ID>

./ createTechUserCreds –f <result file name> -k <keystore file name> <user ID>

The following examples provide information about more typical use cases of the tool:

createTechUserCreds.exe –f techUser.txt cn=testuser,dc=testdomain,dc=com

createTechUserCreds.exe –f techUser.txt –k key.keystore cn=testuser,dc=testdomain,dc=com

The tool creates a text file, which contains the encrypted technical user credentials, and stores it in the same directory in which you started it. As a next step, you can provide the file to the SSXLoginModule and search for LDAP users.

Top of page