How to encrypt WebNMS passwords with SHA-1 encryption

The latest hotfix PPM (greater than 15th PPM) of WebNMS supports sha-1 encryption of passwords. Here are the enhancements:

1. Encrypts user passwords in SHA-1 mode which are not decryptable
2. Encrypts other passwords (the ones which are encrypted using bin/admintools/EncryptPassword script) using AES encryption technique

Please follow the below steps:

1. Download & copy GetEncryptedPasswords.java under NMS_HOME\temp

2. Set the CLASSPATH as follows:
set CLASSPATH=%NMS_HOME%\temp;%NMS_CLASSES%\NmsServerClasses.jar;%NMS_CLASSES%\hbnlib;%NMS_CLASSES%\AdventNetNPrevalent.jar;%NMS_CLASSES%\AdventNetSnmp.jar;%NMS_CLASSES%\hbnlib\hibernate3.jar;%NMS_CLASSES%\hbnlib\dom4j-1.6.1.jar;%NMS_CLASSES%\hbnlib\commons-logging-1.0.4.jar;%NMS_HOME%\mysql\driver\mysql_connector.jar

3. Copy %NMS_CLASSES%\hbnlib\hibernate.cfg.xml under NMS_HOME\temp

4. Execute java test.GetEncryptedPasswords - It will parse the UserPasswordTable in your database (configured in hibernate.cfg.xml) and will give an output as follows:

userName  oldPassword  plainTextPassword  newEncryptedPassword
=================================================================
guest  e8c89O1f  guest   R6fQQVHUX9v28aP0Lg19cWWlHaM1IsiJ52Dof1QTb5E=
root  b96u1ae9J  public  PUvCeQbqr3hYbagHlhn7+HeiBRIiAaaZjQA7jBP4yik=

5. Note down these passwords (last column) and open the securitydbData.xml and replace the old passwords with the new values (Refer this securitydbData.xml file as what will change)

(If you had set persist_data_in_xml as false, then you need to alter the UserPasswordTable - alter UserPasswordTable set PASSWORD='PUvCeQbqr3hYbagHlhn7+HeiBRIiAaaZjQA7jBP4yik=' where USERNAME like 'root')

6. Update the WebNMS scripts as follows:
Files Changes
Add the following system properties along with other system properties while calling the main class: 
-DONEWAY_ENCRYPTION=true -DPASSWORD_ONEWAY_ENCRYPTION=com.adventnet.security.authentication.PasswordEncryptionImpl
(The -DPASSWORD_ONEWAY_ENCRYPTION is NOT mandatory if you choose to have the default encryption class. It can be changed if you need to change the encryption mechanism)
(Check the hyperlinked files as how to change these files)

7. Start the server & Login to client.
While starting the server, check the following logs in the console:

If you need to have the old encryption technique, then you need to remove the above 2 system properties (-DONEWAY_ENCRYPTION -DPASSWORD_ONEWAY_ENCRYPTION) and revert the passwords in securitydbData.xml files and UserPasswordTable (If you had set persist_data_in_xml as false)

If you need any further clarification in this regard, please get back to us.

Thanks & regards
Venkatramanan