Documentation update: To provide a better user experience, we have now created a separate documentation space for BMC Helix Automation Console (previously called BMC Helix Vulnerability Management). Users of BMC Helix Automation Console can find the latest documentation at BMC Helix Automation Console.

Configuring the SCRAM-SHA-256 authentication


If you are using an external and non-containerized PostgreSQL database, TrueSight Automation Console uses the default MD5 authentication to communicate with the database. You can change this authentication to SCRAM-SHA-256 before or after installing TrueSight Automation Console with an external and non-containerized PostgreSQL database.

To configure the SCRAM-SHA-256 authentication

Do the following:

  1. Log in to the host where the external database is located.
  2. Back up the following files: postgresql.conf and pg_hba.conf
    Example path:
    • /var/lib/pgsql/12/data/postgresql.conf
    • /var/lib/pgsql/12/data/pg_hba.conf
  3. Update the postgresql.conf file:
    1. Navigate to the path where the file is available.
      Example path: /var/lib/pgsql/12/data/postgresql.conf
    2. In a text editor, open the postgresql.conf file, and replace md5 with scram-sha-256.

      #authentication_timeout = 1min          # 1s-600s
      password_encryption = scram-sha-256     # md5 or scram-sha-256
      #db_user_namespace = off
    3. Save the changes.
  4. Update the pg_hba.conf file.
    1. Navigate to the path where the file is available.
      Example path: /var/lib/pgsql/12/data/pg_hba.conf
    2. In a text editor, open the pg_hba.conf file, and add the following section:

      To allow all the hosts for incoming connections
      #Accept from anywhere
      host     all             all             0.0.0.0/0               scram-sha-256

      or

      To allow only TSAC host and DB host for incoming connections
      #Allows only TSAC and DB host (DB host IP is required even if 127.0.0.1/32 (localhost) is added)
      host     all             all             TSAC_HOST_IP/32         scram-sha-256
      host     all             all             DB_HOST_IP/32           scram-sha-256
    3. Save the changes.
  5. Restart the external PostgreSQL database.
  6. Log in to the database as a database user.
  7. Do one of the following:
    • (TrueSight Automation Console is already installed)
      Run the following commands to reset the passwords:

        • ALTER USER tsac_database_user PASSWORD '<password>';
        • ALTER USER postgres PASSWORD '<password>';
    • (TrueSight Automation Console is not installed)
      Modify the password of the PostgreSQL user:
      ALTER USER postgres PASSWORD '<password>';
  8. Run the following command to confirm the authentication changes:
    SELECT rolname, rolpassword FROM "pg_authid";
  9. Do one of the following:
    • Install TrueSight Automation Console. For details, see Installing.
    • Restart the TrueSight Automation Console application.
      • ./stackmanager stop -deployment=application
      • ./stackmanager start -deployment=application
  10. Launch TrueSight Automation Console from the browser.

You can perform similar steps to revert to the MD5 authentication.
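
A check for steps 3 through 8, added here as an example and not part of the BMC documentation or product: the Python function below takes the text of postgresql.conf and pg_hba.conf plus the rows returned by the step 8 query and lists anything still on MD5. The function name, sample addresses, role `monitor`, and sample hashes are constructed for illustration.

```python
import re

# Auth methods PostgreSQL accepts in pg_hba.conf; used to find the method column.
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
           "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}

def audit_scram(postgresql_conf, pg_hba_conf, authid_rows):
    """Return findings; an empty list means nothing is left on MD5."""
    findings = []
    # postgresql.conf: the last uncommented password_encryption line wins.
    setting = None  # None = unset
    for line in postgresql_conf.splitlines():
        m = re.match(r"\s*password_encryption\s*=?\s*'?([\w-]+)", line)
        if m:
            setting = m.group(1).lower()
    if setting != "scram-sha-256":
        findings.append(f"postgresql.conf: password_encryption={setting}")
    # pg_hba.conf: every network (host*) rule should use scram-sha-256.
    for n, line in enumerate(pg_hba_conf.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue
        method = next((f for f in fields[4:] if f in METHODS), None)
        if method not in ("scram-sha-256", "reject"):
            findings.append(f"pg_hba.conf:{n}: method {method}")
        if fields[3] in ("0.0.0.0/0", "::/0", "all"):
            findings.append(f"pg_hba.conf:{n}: open to any address")
    # pg_authid: a hash stored before the change stays MD5 until the password is reset.
    for rolname, rolpassword in authid_rows:
        if rolpassword and not rolpassword.startswith("SCRAM-SHA-256$"):
            findings.append(f"pg_authid: {rolname} has no SCRAM verifier")
    return findings

# Constructed sample input (not taken from a real system).
SAMPLE_CONF = "password_encryption = scram-sha-256  # md5 or scram-sha-256\n"
SAMPLE_HBA = """\
local   all  all                  peer
host    all  all  0.0.0.0/0       scram-sha-256
host    all  all  192.0.2.10/32   md5
host    all  all  192.0.2.20/32   scram-sha-256
"""
SAMPLE_ROLES = [
    ("postgres", "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"),
    ("tsac_database_user", "md5" + "0" * 32),
    ("monitor", None),  # role without a password
]

if __name__ == "__main__":
    print("\n".join(audit_scram(SAMPLE_CONF, SAMPLE_HBA, SAMPLE_ROLES)))
```

Feed it the real file contents and the rows from the step 8 query. The open-address finding corresponds to the 0.0.0.0/0 rule, which the restricted TSAC_HOST_IP/32 and DB_HOST_IP/32 rules avoid.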


 
