FMS Login
INTERNAL Users: The user's password is hashed with the MD5 algorithm and the resulting digest is stored in the Foglight database. User passwords are therefore not stored anywhere, in encrypted or in clear text form.
LDAP Users: Passwords are encrypted with Triple DES. A default 112-bit Triple DES encryption key is used in all cases of installations of Foglight®.
Backend Database
The password for the FMS database is stored in server.config. It can (DESede) using /bin/keyman.[sh|bat] encpwd "password" foglight.defaultkey.
Agent Credentials
Agents usually get credentials for monitoring in one of the following ways.
1. Password values in Agent Properties: All agent properties are stored encrypted (with Triple DES) in an XML configuration file on the monitored host.
2. Credentials managed via the Credential UI. Foglight® Agent Manager (FglAM) implements a communication layer with XML messages sent to the Management Server over HTTP(S). These messages are sent to the same ports that the Management Server uses for all HTTP-based traffic, including the Web applications.
The Agent Manager allows the user to configure HTTP or HTTPS URLs for the Management Server, or a combination of both. When HTTPS is used, the Agent Manager rejects invalid certificates by default -- either self-signed, signed by an unrecognized certificate authority, or a certificate that declares a Common Name that does not match the Management Server host name (thus providing protection against man-in-the-middle attacks). Certificates can be added to the Agent Manager keystore. Like a Web browser, Agent Manager supports configuration options to relax these certificate verification controls, but these options will reduce the security provided by the SSL mechanism. If the Management Server is configured to only allow HTTPS access, the Agent Manager must be configured with an HTTPS URL to connect to the Management Server. By default, the Management Server uses the SSL_RSA_WITH_RC4_128_MD5 cipher suite (RSA, RC4, and MD5) for its communication with the Agent Manager.
