Master passwords

You can specify a master password to be used to access the encrypted user passwords of all core hosts specified during the installation of a new SA Core.

To encrypt server passwords specified during installation, invoke the installation with the --pwsave argument. When you begin an installation with the --pswave argument specified, the installer encrypts host passwords and saves them in the final CDF on completion of the installation whether a successful or failed install. See Invoking the SA Installer.

The Master Password (MP) is saved as a hash of hash SHA(SHA(MP)). SA uses this key to encrypt the host passwords of all servers that are specified as part of a new core installation and secure hash SHA(MP) is used to generate a 1024 character key and an encrypted password string which is saved on each host as root_user_password for root passwords and non_root_user_password for non-root passwords.

You specify the master password when you see this prompt at the end of the installation, specify “none” if you do not want to create a master password:

Creating temporary CDF [/var/tmp/cdf_tmp.xml]

master.password []:

Specify a master password. This password will enable encryption of the server(s) password. If "none" is specified then server(s) password will not be saved.

master.password []: *******

Invoking the Installer on an SA Core that uses a master password

When you begin an installation on a core that uses a master password, you are prompted to provide the password before continuing:

Specify a master password. This password will enable decryption of the server(s) password. Enter "none" to provide the server(s) password again.

master.password []:

The installer will use the encrypted passwords for the core hosts that were stored when you created the master password. If you specify “none” as the master password, the installer prompts you to provide passwords for each core server.