Table of Contents Previous Next



Failover Manager requires you to encrypt your database password before including it in the cluster properties file. Use the efm utility (located in the /usr/edb/efm-3.2 /bin directory) to encrypt the password. When encrypting a password, you can either pass the password on the command line when you invoke the utility, or use the EFMPASS environment variable.
# efm encrypt cluster_name [ --from-env ]
Where cluster_name specifies the name of the Failover Manager cluster.
If you include the --from-env option, you must export the value you wish to encrypt before invoking the encryption utility. For example:
If you do not include the --from-env option, Failover Manager will prompt you to enter the database password twice before generating an encrypted password for you to place in your cluster property file. When the utility shares the encrypted password, copy and paste the encrypted password into the cluster property files.
Please note: Many Java vendors ship their version of Java with full-strength encryption included, but not enabled due to export restrictions. If you encounter an error that refers to an illegal key size when attempting to encrypt the database password, you should download and enable a Java Cryptography Extension (JCE) that provides an unlimited policy for your platform.
The following example demonstrates using the encrypt utility to encrypt a password for the acctg cluster:
# efm encrypt acctg
This utility will generate an encrypted password for you to place in your EFM cluster property file:
/etc/edb/efm-3.2/acctg.properties


Please enter the password and hit enter:
Please enter the password again to confirm:
The encrypted password is: 516b36fb8031da17cfbc010f7d09359c

Please paste this into your acctg.properties file
db.password.encrypted=516b36fb8031da17cfbc010f7d09359c
The following example demonstrates using the --from-env environment variable when encrypting a password. Before invoking the efm encrypt command, set the value of EFMPASS to the password (1safepassword):
Then, invoke efm encrypt, specifying the --from-env option:
The encrypted password (7ceecd8965fa7a5c330eaa9e43696f83) is returned as a text value; when using a script, you can check the exit code of the command to confirm that the command succeeded. A successful execution returns 0.


Table of Contents Previous Next