There are seven special characters that are known to cause issues when encrypting the password for the SCS account being used by the DSE. When encrypting passwords with these characters, the encryption process can fail all-together or it can appear to process successfully, but the encrypted password is actually incorrect. If the encrypted password includes any invalid special characters, the repeated attempts by the DSE to login to CMDP will fail. These multiple failed login attempts by the DSE will lock the associated SCS account. When the SCS account is locked, the password for that account will need to be reset. The special characters are not an issue with SCS, the issue is specific to the encryption tool used for the DSE.
The failure to encrypt properly can occur regardless of if the password is encrypted by either method:
- Command line process
- g. entering the following at a DOS prompt:
- java -cp ./CypherTool.jar gov.epa.apps.tools.CypherGenerator s2c [state code] usr [user id]
- Supplied batch file(DSE_encrypt.bat)
Avoid the 7 special characters listed below when creating SCS passwords for accounts being used by the DSE:
- Percent (%)
- Carat (^)
- Ampersand (&)
- Vertical Bar (|)
- Double-quote (“)
- Less-than (<)
- Greater-than (>)
Refrain from using password generating tools when generating passwords for accounts being used by the DSE unless the tool is configured to not include the special characters listed above.
The CMDP Team strongly recommends that primacy agencies use a dedicated account with CMDP State Administrator privileges for the DSE, and not using the day-to-day accounts of their CMDP State Administrators (i.e. [AgencyCode]DSE_Admin account). This will prevent an issue with the DSE from potentially locking the CMDP State Administrator’s account. This also allows the CMDP State Administrators to use the special characters in their CMDP State Administrator accounts.
Always review the encryption results carefully to look for possible issues.