The plug-ins and the Java Proxy share a configuration file, commonly called pwsync.props. The path to this file is usually specified when registering the plug-in. The path to the configuration file is then passed to the Java Proxy on startup by the plug-in or by the command line utility that starts the proxy.
The standard java.util.Properties class parses the configuration file and replaces escape sequences for control characters with the actual control characters. This means that when it reads, for example, "\\n", this will be converted to the character '\n'. Therefore, when setting a path in that configuration file on the Windows platform, the \ character should be escaped with another backslash; thus \ would look like this: \\.
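What an unescaped Windows path turns into when java.util.Properties loads it, and a check that catches the damage, as an added example that is not part of the product or its documentation. The file contents and paths are constructed, and the class and method names are hypothetical.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;

public class PwsyncPropsCheck {  // hypothetical helper, not part of the product

    // Parse text the same way java.util.Properties parses a properties file.
    static Properties load(String text) throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(text));
        return p;
    }

    // Report path-valued keys damaged by unescaped backslashes: \t, \n, \r, \f
    // become control characters, and a backslash before any other character is
    // dropped, so a drive-letter path can end up with no separators at all.
    static List<String> damagedPaths(Properties p, String... pathKeys) {
        List<String> bad = new ArrayList<>();
        for (String key : pathKeys) {
            String v = p.getProperty(key);
            if (v == null) continue;
            boolean control = v.chars().anyMatch(Character::isISOControl);
            boolean noSeparator = v.matches("[A-Za-z]:[^\\\\/]+");
            if (control || noSeparator) bad.add(key);
        }
        return bad;
    }

    public static void main(String[] args) throws IOException {
        // Constructed file contents; the paths are illustrative only.
        // In Java source "\\" is one backslash, so these lines read
        // logFile=C:\temp\new.log in the file (unescaped, wrong) ...
        String wrong = "logFile=C:\\temp\\new.log\n"
                     + "javax.net.ssl.trustStore=C:\\pwsync\\store.jks\n";
        // ... and logFile=C:\\temp\\new.log in the file (escaped, correct).
        String right = "logFile=C:\\\\temp\\\\new.log\n"
                     + "javax.net.ssl.trustStore=C:\\\\pwsync\\\\store.jks\n";

        String[] keys = {"logFile", "javax.net.ssl.trustStore"};
        System.out.println("unescaped: " + damagedPaths(load(wrong), keys));
        System.out.println("escaped:   " + damagedPaths(load(right), keys));
        System.out.println("trustStore read as: "
                + load(right).getProperty("javax.net.ssl.trustStore"));
    }
}
```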
Common parameters for all Password plug-ins in the configuration file are as follows:
The PAM plug-in logs using the UNIX syslog daemon and does not use this property.
When the checkRepository property is set to true, the Password Synchronizer first checks whether the Password Storage is available. If it is available, the password is changed in the directory, then the password is sent to the Password Storage. If the check indicates that the storage is not available, the LDAP operation (a part of which is the password update) is rejected on the target system.
When the checkRepository property is set to false, the Password Synchronizer performs no checks for storage availability. The password update is performed in the directory first, then an attempt is made to store it in the Password Storage. If the password cannot be stored, a message is logged in the log file (pointed to by the logFile property) to indicate that password synchronization for this user failed.
The default value is true.
The check for availability of the Password Storage works with all Password Store components.
Parameters from this configuration file are set as Java system properties. Thus, if SSL is required for communication with any of the stores or with the ITIM servlet, the following Java properties must be set in that configuration file:
Property | Value |
---|---|
javax.net.ssl.trustStore | specifies the trust store for the JVM |
javax.net.ssl.trustStorePassword | specifies the password of the trust store; this should be encrypted using the encryptPasswd utility |
javax.net.ssl.trustStoreType | the type of the trust store (usually jks) |
javax.net.ssl.keyStore | specifies the key store of the JVM |
javax.net.ssl.keyStorePassword | specifies the password for the key store; this should be encrypted using the encryptPasswd utility |
javax.net.ssl.keyStoreType | the type of the key store (usually jks) |
Any additional parameters in the configuration file are specific to the actual Password plug-in; see the relevant section for more details.