Searching the Help
To search for information in the Help, type a word or phrase in the Search box. When you enter a group of words, OR is inferred. You can use Boolean operators to refine your search.
Results returned are case insensitive. However, results ranking takes case into account and assigns higher scores to case matches. Therefore, a search for "cats" followed by a search for "Cats" would return the same number of Help topics, but the order in which the topics are listed would be different.
Search for | Example | Results |
---|---|---|
A single word | cat
|
Topics that contain the word "cat". You will also find its grammatical variations, such as "cats". |
A phrase. You can specify that the search results contain a specific phrase. |
"cat food" (quotation marks) |
Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase. |
Search for | Operator | Example |
---|---|---|
Two or more words in the same topic |
|
|
Either word in a topic |
|
|
Topics that do not contain a specific word or phrase |
|
|
Topics that contain one string and do not contain another | ^ (caret) |
cat ^ mouse
|
A combination of search types | ( ) parentheses |
|
- System security
- Encryption of configuration file settings
- Encryption of operator passwords
- Encryption of client keystore passwords
- Randomly generated master keys
- Inactivity timer
- Lockout feature
- System quiesce: Login restrictions
- Mandanten file security
- Multicompany mode
- Script utilities
- Security tables
- Secure Sockets Layer (SSL) encryption and server certificates
- Support of the HTTP Strict Transport Security protocol
- Trusted sign-on
- Common Access Card (CAC) sign-on
- SAML Single Sign-On
- FIPS mode
- Tokenization
Encryption of operator passwords
The Service Manager server encrypts all operator passwords stored on the database using a SHA512 one-way encryption process that cannot be decrypted. The server automatically encrypts existing passwords on your system the first time they are accessed. You can also do a mass update of the operator table to convert all passwords at once.
You need to update the SQL mapping for the password field to accept a larger character limit. The data policy settings are as follows.
Database object | Requirement |
---|---|
Table | operator |
Field | password |
Data type | VARCHAR |
Size | 136 characters |
Automatic operator password encryption replaces the legacy data policy encryption option that was controlled by the encryptionkey
parameter. To convert to the automatic operator password encryption scheme in legacy systems, you must first turn off the existing data policy encryption. The server updates the password encryption the next time it reads the operator record.
Service Manager clients use a two-way encryption process (PBE with MD5, DES in non-FIPS mode, and AES in FIPS mode) to secure operator passwords when communicating with the server. The server decrypts the password sent from the client and then one-way encrypts it to compare the results to the encrypted value stored in the database. The server never stores the operator password in an unencrypted form.
If your Service Manager implementation uses LDAP authentication, the server must still send an unencrypted operator password to the directory service because LDAP servers are unaware of Service Manager's encryption scheme. If you require encryption between Service Manager and the LDAP server, you can configure OpenSSL or another standard encryption scheme between the two servers.
Related topics
Lightweight Directory Access Protocol (LDAP)
System Security