 |
Xentara v2.0.4
User Manual
|
|
Xentara v2.0.4
User Manual
|
The passwords in the Xentara password file are encrypted using a password hash algorithm. This means that the password file cannot conveniently be managed by hand. Instead, the Xentara password tool can be used to set and remove passwords for Xentara users.
Under Linux, the Xentara password tool is called xentara-password and is located under /usr/bin. Under Windows, the Xentara password tool is called XentaraPassword.exe and is located under App in the installation directory.
The Xentara password tool can be used in two ways: interactive mode, meant for humans, and non-interactive mode, means for scripts and other applications.
If you run the tool in a terminal or console window (without redirecting the input), then it will run in interactive mode. In interactive mode, the password must be entered using the keyboard, and normal editing, like backspace, cursor keys, etc. is supported. Interactive mode is intended to be used by human beings.
If you run the Xentara password tool attached to a pipe, file, or other non-terminal stream, it will run in non-interactive mode. In non-interactive mode, the password is simply read from standard input, and no editing is possible. Non-interactive mode is intended to be used by scripts, or by other applications.
To set the password for a user, simply run the Xentara password tool with the user’s user name as parameter:
Linux:
Windows:
In interactive mode, you will be prompted to enter the new password. The password must be entered twice, to guard against typos.
In non-interactive mode, a single line of text will be read from standard input and used as the password. Any line termination, as well as any additional lines, will be silently ignored. The password need not be repeated.
To remove the password for a user manually, so that he/she can no longer sign in, use the command line option --remove (Linux) or -Remove (Windows):
Linux:
Windows:
In interactive mode, you will be asked to confirm the removal of the password. In non-interactive mode, no confirmation is required.
The Xentara password tool uses a heuristic to check the password strength. Passwords that are deemed too weak are rejected.
You can use the command line option --dont-reject-insecure-passwords (Linux) or -DontRejectInsecurePasswords (Windows) to allow the use of weak, insecure passwords. Use of this option is strongly discouraged, however, since weak passwords pose a security risk. Only use this option if you must reuse an existing password that cannot be changed to a more secure one.
Under Linux, the Xentara password tool has the following command line options:
--help
Shows help for the command line options and exits.
--version
Outputs version information and exits.
--remove
Remove the password instead of setting a new one.
--config-dir=<path> or --config-dir <path>
Specifies an additional directory to search for the user configuration file and password file before the standard locations are searched. <path> must be the path to the configuration directory. These directories are not searched for files whose path has been specified using --users or --passwords.
This option can be specified multiple times.
--users=<path> or --users <path>
Specifies the user configuration file to use. <path> must be the path to the user configuration file. If you do not specify a user configuration file, the file will be searched for in a number of standard locations.
--passwords=<path> or --passwords <path>
Specifies the password file to use. <path> must be the path to the password file. If you do not specify a password file, the file will be searched for in a number of standard locations. If the password file does not exist, then it will be created.
--dont-reject-insecure-passwords
Do not reject weak, insecure passwords. Use of this option is strongly discouraged, as weak passwords pose a security risk. Only use this option if an existing, weak password must be used that cannot be changed. Please note that empty passwords are always rejected, regardless of whether --dont-reject-insecure-passwords was specified or not.
Under Windows, the Xentara password tool has the following command line options:
-Help or /?
Shows help for the command line options and exits.
-Version
Outputs version information and exits.
-Remove
Remove the password instead of setting a new one.
-ConfigDir <path>
Specifies an additional directory to search for the user configuration file and password file before the standard locations are searched. <path> must be the path to the configuration directory. These directories are not searched for files whose path has been specified using -Users or -Passwords.
This option can be specified multiple times.
-Users <path>
Specifies the user configuration file to use. <path> must be the path to the user configuration file. If you do not specify a user configuration file, the file will be searched for in a number of standard locations.
-Passwords <path>
Specifies the password file to use. <path> must be the path to the password file. If you do not specify a password file, the file will be searched for in a number of standard locations. If the password file does not exist, then it will be created.
-DontRejectInsecurePasswords
Do not reject weak, insecure passwords. Use of this option is strongly discouraged, as weak passwords pose a security risk. Only use this option if an existing, weak password must be used that cannot be changed. Please note that empty passwords are always rejected, regardless of whether -DontRejectInsecurePasswords was specified or not.
The exit status of the Xentara password tool is 0 if the password was successfully changed, or 1 if an error occurred. In non-interactive mode, the exit status is 2 if the password was not set because it was too weak or empty.