Changing users/password within Ceptor Console

In Ceptor Console, select "Security Configuration" from the menu.

Ceptor > Change Ceptor Console Users and Passwords > image2019-4-11_8-34-33.png

Then, select a group and the user in the group - then click "Edit".

Ceptor > Change Ceptor Console Users and Passwords > image2019-2-16_17-54-25.png

Here, enter a new password twice and click Update.

Changing directly in configuration file

The user ID's and passwords for access to Ceptor Console are by default stored in a file called ceptor-security.xml which is located in the config directory.

This is an example of its contents:

<?xml version="1.0" standalone="yes"?>
<system name="Ceptor" copyright="(c) 2001-2021, Ceptor ApS" version="6.4.12">
	<security-users>
		<user password="{bc}$2a$10$4MhHf9hN4N4a8Olwkb4WbuA/RBn8Tk0S.ZZ8pb0Mb3ibO/UwrmUNW" userid="admin" description="Default administration user"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="readonly" description="Default user with readonly access"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="apideveloper" description="Default user with access limited to API development"/>
		<user password="{bc}$2a$10$iZCAWptC2pDZLEG4tjcDEe9qbKtcOn70uQeEbqbbURSAI6V29ncbe" userid="apiadmin" description="API administrator with full access to API management, but not the rest"/>
	</security-users>
	... groups and acls not shown here
</system>

Here, you can specify userid or password for the various accounts you want to give access to the console.

The password is prefixed with a type enclosed in curled brackets, the following types are supported:

bc
BCrypt encrypted password
sha or sha1
SHA-1 password has - this is considered insecure, so you should avoid it where possible
pbkdf2
Password-Based Key Derivation Function 2
plain or empty (no prefix)
Plain or unencrypted password
encoded
Encoded / obfuscated pasword
3des
Tripple DES encrypted password
rsa
RSA private/public key encrypted password
aes
AES encrypted password

See Encrypting or Obfuscating Passwords for details on how to encrypt passwords using the command-line tool.

You can also encrypt passwords, by going into the Ceptor Console and selecting "Tools" from the menu - here, you can type in the password, encrypt it and cut'n paste the corresponding encrypted/hashed version.

Ceptor > Change Ceptor Console Users and Passwords > image2019-4-11_8-36-19.png

Note that bc, sha/sha1 and pbkdf2 are all hashed passwords - meaning they cannot be reversed/decrypted to produce the original password, where the rest of the algorithms are forms of encryption from which the original password can be recreated.

You can find more detailed information here: Ceptor Configuration Server - Access Control - also about ACLs and groups.