What is the meaning of "sharedsecrettime" parameter in SmHost.conf file?

Document ID : KB000010974
Last Modified Date : 14/02/2018
Introduction:

When you register a trusted host, the installation process:

  • Automatically generates a shared secret for the web agent
  • Stores the shared secret in the Host Configuration file (SmHost.conf).

If you enabled shared secret rollover when registering a trusted host, you can roll over the shared secrets for trusted hosts either manually or periodically.

During a manual or periodic shared secret rollover, shared secrets are only rolled over for agents that were configured at installation to allow rollovers.

 

Shared secret rollover occurs automatically only on servers that are configured to enable agent key generation. You enable agent key generation by selecting the Enable Agent Key Generation check box in the Keys tab of the Policy Server Management Console. This setting is enabled by default.

Question:

What is the meaning of "sharedsecrettime" parameter in SmHost.conf file?

Environment:
Supported versions of Policy Server and Web Agent combinations.
Answer:

The sharedsecrettime parameter in SmHost.conf specifies when the shared secret key is rolled over.

This setting is only valid if you enabled shared secret rollover during host registration; in that case, it shows the last time the shared secret changed.

If the value is 0, it means that shared secret rollover was not enabled. For example:

$ cat SmHost.conf
# Host Registration File - /prod/apps/netegrity/secure-proxy/proxy-engine/conf/defaultagent/SmHost.conf
#
# This file contains bootstrap information required by
# the SiteMinder Agent API to connect to Policy Servers
# at startup.  Be sure the IP addresses and ports below
# identify valid listening Policy Servers.  Please do not
# hand edit the encrypted SharedSecret entry.
#

hostname="www.mycompany.com"
sharedsecret="{RC2}+R1CJBLvkCO0mteQ8Dk+4AHql2w+t0cRr7o8TXFJNCzZ763shSPh8gndbEZVXuMKa0JBb9olNWIApSsZvvgDURDjexww/yn6lmK09mvBtuWWrdrDu+toLUM7VyXyvOKe6hkrpwNGyTdW4U8fm6mYEyBRT6yXx9Xe3Wk2iIOjUWXkk9h7OhkthNtLJYZhlWJJ"
sharedsecrettime="0"
hostconfigobject="XYZHost"
# Add additional bootstrap policy servers here for fault tolerance.
policyserver="xyz1.com,44441,44442,44443"
policyserver="xyz2.com,44441,44442,44443"
policyserver="xyz3.com,44441,44442,44443"
policyserver="xyz4.com,44441,44442,44443"
requesttimeout="60"
cryptoprovider="BSAFE"
Enabledynamichco="yes"

# <EOF>
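To check many agents for hosts that were registered without rollover, the rule above (a sharedsecrettime of 0 means rollover was not enabled) can be applied by a script. The following is an added example, not CA code: the function names and the constructed sample file are assumptions, the secret is a placeholder, and the report never includes the secret value.

```python
import re

# Constructed sample modelled on the listing above; the secret is a placeholder.
SAMPLE = '''\
# Host Registration File - SmHost.conf
hostname="www.mycompany.com"
sharedsecret="{RC2}PLACEHOLDER-NOT-A-REAL-SECRET"
sharedsecrettime="0"
hostconfigobject="XYZHost"
policyserver="xyz1.com,44441,44442,44443"
policyserver="xyz2.com,44441,44442,44443"
requesttimeout="60"
# <EOF>
'''

LINE_RE = re.compile(r'^\s*([A-Za-z]+)\s*=\s*"(.*)"\s*$')

def parse_smhost(text):
    """Parse key="value" lines; keys are lower-cased and may repeat (policyserver)."""
    settings = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        m = LINE_RE.match(line)
        if m is None:
            raise ValueError(f"unparsable line: {line!r}")
        settings.setdefault(m.group(1).lower(), []).append(m.group(2))
    return settings

def rollover_report(text):
    """Summarise the rollover state without ever returning the secret itself."""
    s = parse_smhost(text)
    times = s.get("sharedsecrettime", [])
    if len(times) != 1:
        raise ValueError("expected exactly one sharedsecrettime entry")
    value = times[0].strip()
    prefix = re.match(r"\{(\w+)\}", s.get("sharedsecret", [""])[0])
    return {
        "hostname": s.get("hostname", ["?"])[0],
        "rollover_enabled": value != "0",   # 0 = rollover was not enabled
        "last_changed_raw": value,          # kept raw: the article does not state the format
        "secret_prefix": prefix.group(1) if prefix else None,
        "policy_servers": [p.split(",")[0] for p in s.get("policyserver", [])],
    }

if __name__ == "__main__":
    print(rollover_report(SAMPLE))
```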

Additional Information:

For more details, please refer to the docops.ca.com product guide for the version of CA SSO you are using.