For passwords
in configuration files, use the SAS Deployment Manager's password
update utility and supply AES-encrypted passwords.
For login passwords
in the metadata, AES encryption is used by default if you have
SAS/SECURE
(so no configuration activity is necessary in order to maximize protection).
For internal account passwords in the metadata, SHA-256 hashing is
used by default (so no configuration activity is necessary in order
to maximize protection).
Note: If the metadata server's
omaconfig.xml file specifies STOREPASSWORDS="SAS002", passwords in
metadata are stored in SASProprietary format (even if you have
SAS/SECURE).
The metadata server's omaconfig.xml file is located in your equivalent
of
SAS/Config/Lev1/SASMeta/MetadataServer/
.
CAUTION:
Passwords
that are stored in SAS003 format (or with SHA-256 hashing) become
unusable and inaccessible if SAS/SECURE is unavailable.
If you use
SAS/SECURE,
it is important to keep your
SAS/SECURE license current. If you choose
to discontinue use of
SAS/SECURE, you must revert all stored passwords
to the less secure format before you uninstall the software. To revert
login passwords, set STOREPASSWORDS="SAS002", restart the metadata
server, and use SAS Management Console to re-enter passwords in any
logins that need to include passwords. To revert internal account
passwords, set
HashPasswords="MD5"
, restart
the metadata server, and update the password in every internal account.