Generate a shadow string for a password.
gpsscli shadow [--config <gpss.json>]
gpsscli shadow {-h | --help}
The gpsscli shadow
command generates a shadowed password string for the password that you input. You may generate a shadow password for the Greenplum Database user password, or for the password that a GPSS server instance uses to authenticate a client.
If you generate a Greenplum user shadow password, you provide the output generated by the command in the PASSWORD:
property setting of your gpsscli.yaml
load configuration file.
NoteGPSS supports shadowing the Greenplum user password only on load jobs that you submit and manage with the
gpsscli
subcommands. GPSS does not support shadowed passwords on load jobs that you submit withgpkafka load
.
If you generate a shadow password for GPSS client to server authentication, you provide the output generated by the command in the Authentication:Password:
property setting of the gpss.json
GPSS server configuration file.
GPSS uses the Shadow:Key
property value specified in the --config gpss.json
file, or the default key, to encode the password that you enter, and then generates and outputs the shadow password string.
gpsscli shadow
generates a shadow password string of the following format:
"SHADOW:<shadow_password_string>"
Shadow:Key
setting, GPSS uses the key to encode the password input.
Generate a shadowed password string using the default key:
$ gpsscli shadow
please input your password
changemeCHANGEMEchangeme
"SHADOW:OH7TIH3676NIA4GQNNN3NTIEJGMGY7R2UE2A4GYUV2ED5AESDHWA"
Generate, without the user prompt, a shadowed password string using the key specified in the file named gpss.json
located in the current working directory:
$ echo changemeCHANGEMEchangeme | gpsscli shadow --config gpss.json | tail -1
"SHADOW:ERTBKXDWLAJHUF5UOGJY34QTXIBNYP4ULTWVHIUZIF4UYFPRIJVA"