Services layer, the web interface, and engine share the
same key file.
When all three components are installed on the same host, they
use the same keyfile:
Check the following issues if there are problems after you enable
password encryption:
- Make sure you restarted Build
Forge® after enabling
password encryption. Ensure that all processes stopped and restarted
properly (Apache, Apache Tomcat, engine).
- Redundant consoles: if you have multiple installations of the
management console using the same database, they must all use the
same bfpwcrypt.conf file. The most secure method
is to distribute it manually rather than over the network.
- Server definitions: if Test Connection fails
in the console, be sure that the key was exported and put in the bfagent.conf file
correctly. To be sure it is a password problem, disable password encryption
and try Test Connection.
- Login: if you cannot log in after enabling password encryption,
make sure that Build
Forge® is
using the correct bfpwcrypt.conf keys in both bfclient.conf and buildforge.conf.
The buildforge.conf must be updated in the <bfinstall> directory
and in the service layer's copy of it. See Build Forge configuration file (buildforge.conf).
If all of those checks are done but the problem persists, try enabling
trace and examining the output logs.
- Web interface (UI): set the environment variable BFDEBUG_SECURITY=1.
Web
interface: output appears in files.
- Engine: start the engine in the foreground. In the installation
directory, run bfengine –d. On UNIX or Linux you
can pipe this to a file using bfengine –d 2>&1 | tee out.txt.
On Windows, you can do the same if you obtain the tee utility.
- Services: do the following:
- Stop Build Forge.
- Open the log file in an editor.
- Add the following line to the end of the file.
com.buildforge.services.common.security.level=ALL
- Start Build
Forge®.
- Inspect the output.