Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Read only

Client configuration for Setting net password encryption reqd

Go to solution
Former Member

on ā€Ž2014 Feb 27 7:00 PM

0 Likes
2,333

I am trying to enforce all connections to the Database Server, however we have  a few different type of clients connecting using several applications. I am currently gathering all the applications and settings required to be able to connect to the server successfully

ISQL and BCP

add -X switch

ASE ADO.NET Data Provider

Data Source=myASEserver;Port=5000;Database=myDataBase;Uid=myUsername; Pwd=myPassword;EncryptPassword=1;

Open Client

cat ocs.cfg

[DEFAULT]section

CS_SEC_ENCRYPTION = CS_TRUE

CS_SEC_EXTENDED_ENCRYPTION = CS_TRUE

Will Perl, Python use the same ocs.cfg file or is there another way to set the connection to allow encryption?

Others Apps

DBArtisan

On the Security Tab check option 'Enable net password encryption'

I have not found ways to set Sybase Central and Toad For Sybase

Has anyone been able to get these applications connected with 'net password encryption reqd' set to1 ?

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

dawn_kim
Product and Topic Expert
Product and Topic Expert
ā€Ž2014 Feb 27 8:14 PM


Hi,

Starting with our SDK 15.7 ESD#6 or higher you can use the ocs.cfg with both Perl and Python and inturn use the password encryption: SyBooks Online

It depends on your version of Sybase Central when you create a new ASE connection in the advanced tab put encrypt_password=true

Toad for Sybase should work also. I am not sure what version you are using the new version uses our ado.net driver so wondering if that software allows it.

Dawn

Show replies
Show replies
Former Member
ā€Ž2014 Feb 27 8:51 PM
0 Likes

Thank you for your response.

I tried that option before for Sybase Central and encountered the following error

Could not connect to the server.

JZ0LA: Failed to instantiate Cipher object. Transformation RSA/NONE/OAEPWithSHA1AndMGF1Padding is not implemented by any of the loaded JCE providers.

null

JZ0LA: Failed to instantiate Cipher object. Transformation RSA/NONE/OAEPWithSHA1AndMGF1Padding is not implemented by any of the loaded JCE providers.

  Error code=0

  SQL state=JZ0LA

null

  Error code=0

  SQL state=null

Connection parameters:

  User=sa

  Password=

  ENG=Test_Server

  encrypt_password=true

My Sybase Central Version is ==> Sybase Central Adaptive Server Enterprise Plug-in Utility/15.5/EBF 17785 ESD#1/S/1.6.0/asear155/Wed May 5 08:00:01 PDT 2010

I also found the option for Toad - similar to DBArtisan there is an option to encrypt connections. I am currently reviewing the requirements for Perl and Python. Based on your response it seems I might have to run SDK 15.7 ESD#6 or higher to take advantage of the connection option for encryption?

ryan_hansen
Product and Topic Expert
Product and Topic Expert
ā€Ž2014 Feb 27 10:50 PM
0 Likes


Hi Courtney,

You should be able to use ocs.cfg with Perl.
The entry name would be:

[SybaseASE]

I've set this up using Kerberos and Perl before this was my entry:

cat ocs.cfg

[SybaseASE]
CS_SEC_SERVERPRINCIPAL = krbServer@KRBTEST
CS_SEC_NETWORKAUTH = CS_TRUE
[firstapp.pl]
CS_SEC_NETWORKAUTH = CS_TRUE
CS_SEC_SERVERPRINCIPAL = krbServer@KRBTEST
[isql]

Python would use:
[sybpydb]

Not much of a java guy, but somehow I have this doc that shows how to setup password encryption on old Sybase Centrals.

Steps to use password encryption you have to do all of this...
1) Add the new external jar which needs to be used by Sybase Central to support extended password encryption. It should be added to Sybase Central manually following these steps:
a) Start Sybase Central, click "Tools"->"Plug-ins"
b) Select the "Adaptive Server Enterprise" plug-in and click "Properties"
c) Select the "Advanced" tab and click "Browse" to add the new external jar:
%SYBASE%\jConnect-6_0\classes\EccpressoFIPS.jar
%SYBASE%\jConnect-6_0\classes\EccpressoFIPSJca.jar

2) At this point, close Sybase Central and reboot your PC (or kill the resident "scjview.exe" or "dbisql.exe" processes).

3) After rebooting, start Sybase Central or DBISQL. Start a new Connection dialog box. Click the "Advanced" tab and add the following strings:
ENCRYPT_PASSWORD=true
JCE_PROVIDER_CLASS=com.certicom.ecc.jcae.Certicom

I would honestly download the last Sybase Central version before you cannot download it any longer.
If you didn't know Sybase Central is End Of Life.
Believe the last one is in ASE 15.7 SP100 section,
but Dawn knows the exact version.

Regards,

Ryan

Former Member
ā€Ž2014 Feb 28 2:53 PM
0 Likes

Hi Ryan,

Thank you for your response.

I tried adding the jar files for Sybase Central including killing the resident "scjview.exe" and restarting but had the same error while setting the encryption option. It has left me with the only other suggestion and that is to download the latest Sybase Central. I am not sure how to determine what is the latest from SAP site. From our site installation, this is what I see

ZIP51044415Sybase ASE 15.7 Refresh PC-ClientInfo148859915.02.2013

Dawn, can you confirm that this would be the latest version of Sybase Central. It seem it was last build a year ago.

Thank you

Muk1
Product and Topic Expert
Product and Topic Expert
ā€Ž2014 Feb 28 2:59 PM
0 Likes

Hi Courtney,

The ASE Plug-in for Sybase Central was EOL at the end of 2013. The replacement is Sybase Control Center (SCC) ASE Management Agent Plug-in. The last ASE release to ship Sybase Central was 15.7 ESD2 - it was a separate download.

Mark

Former Member
ā€Ž2014 Feb 28 3:16 PM
0 Likes

Would it be fair to say that Sybase Central does not support connection to Sybase with the configuration 'net password encryption reqd' set to 1?

ryan_hansen
Product and Topic Expert
Product and Topic Expert
ā€Ž2014 Feb 28 3:35 PM
0 Likes

Courtney,

This should work:
Example:
isql -Usa -Psybase -Sredhead

sp_configure "net password", 1

go

00:0006:00000:00013:2014/02/28 07:19:58.13 server  Received LOGINREC

LOGINREC at 0x0x145b3d838

  host=`BJCN00530235A' user=`sa' hostproc=`3600'

  int2=2 int4=0 char=6 flt=4 date=8

  usedb=1 dmpld=0 interface=0 netconn_type=0

  appname=`SC_ASE_Plugin' servername=`'

  tds_vers=(5.0.0.0) progname=`jConnect' prog_vers=(7.0.0.12)

  noshort=0 flt4=12 date4=16

  language=`us_english' setlang=0

  SECURITY:  hier=0 e2e option: 0xa1 db bulk reserved: 0x00

  HA: ssn option: 0x08 ssn handle:(0x00, 0x00,  0x00, 0x00, 0x00, 0x00)

  UNUSED: slunused:(0x00)

role=0

  charset=`iso_1' setcharset=0 packetsize=`512'

Sybase Central version 6.0.0.4790

Do you have anythign else configured on the ASE like ssl?
This was giving me errors until I turned ssl off.

Regards,

Ryan

Former Member
ā€Ž2014 Feb 28 3:48 PM
0 Likes

Thank you Ryan. This is exactly what I was looking for. It worked. Don't know why I did not see that option, it was steering right in the face

Answers (1)

Answers (1)

Former Member
ā€Ž2014 Feb 28 3:14 PM
0 Likes

Thank you Mark

Show replies
Show replies
Former Member
ā€Ž2016 Apr 20 8:59 AM
0 Likes

Hi Messam/Ryan,


We use microsoft utility isqlw  , ever since "net password encryption reqd" has been enabled we get below message

Msg 1640, Level 16, State 2, Server SERVER1, Line 0

Adaptive Server requires encryption of the login password on the network.

Msg 4002, Level 14, State 1, Server SERVER1, Line 0


In Registry string key with value name SERVER1 and value key as    "DBMSSOCN,corbsddb.lat.root.net,4100"

When we bring up isqlw we can provide username & password which works fine with above string when "net password encryption reqd" is disabled.

Is there any additional Encryption variable or any registry variable i can add to make it work??

crisnormand
Product and Topic Expert
Product and Topic Expert
ā€Ž2016 Apr 20 11:02 AM
0 Likes

Hello,

Please post your question in SCN SAP on SQL Server.

(This space is for SAP applications running on SAP ASE)

Thank you

Regards,

Cris

Former Member
ā€Ž2016 Apr 20 3:36 PM
0 Likes

done

Ask a Question