Ceptor Docs

Page tree
Skip to end of metadata
Go to start of metadata

hChanging users/password within Ceptor Console

In Ceptor Console, select "Security Configuration" from the menu.

Then, select a group and the user in the group - then click "Edit".

Here, enter a new password twice and click Update.

Changing directly in configuration file

The user ID's and passwords for access to Ceptor Console are by default stored in a file called ceptor-security.xml which is located in the config directory.

This is an example of its contents:

<?xml version="1.0" standalone="yes"?>
<system name="Ceptor" copyright="(c) 2001-2019, Asseco Denmark" version="6.2.0">
		<user password="{bc}$2a$10$4MhHf9hN4N4a8Olwkb4WbuA/RBn8Tk0S.ZZ8pb0Mb3ibO/UwrmUNW" userid="admin" description="Default administration user"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="readonly" description="Default user with readonly access"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="apideveloper" description="Default user with access limited to API development"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="apiadmin" description="API administrator with full access to API management, but not the rest"/>
	... groups and acls not shown here

Here, you can specify userid or password for the various accounts you want to give access to the console.

The password is prefixed with a type enclosed in curled brackets, the following types are supported:

  • bc
    BCrypt encrypted password
  • sha or sha1
    SHA-1 password has - this is considered insecure, so you should avoid it where possible
  • pbkdf2
    Password-Based Key Derivation Function 2
  • plain or empty (no prefix)
    Plain or unencrypted password
  • encoded
    Encoded / obfuscated pasword
  • 3des
    Tripple DES encrypted password
  • rsa
    RSA private/public key encrypted password
  • aes
    AES encrypted password

See Encrypting or Obfuscating Passwords for details on how to encrypt passwords using the command-line tool.

You can also encrypt passwords, by going into the Ceptor Console and selecting "Tools" from the menu - here, you can type in the password, encrypt it and cut'n paste the corresponding encrypted/hashed version.

Note that bc, sha/sha1 and pbkdf2 are all hashed passwords - meaning they cannot be reversed/decrypted to produce the original password, where the rest of the algorithms are forms of encryption from which the original password can be recreated.

You can find more detailed information here: Ceptor Configuration Server - Access Control - also about ACLs and groups.

  • No labels