Encryption (non-FIPS 140 mode) is enabled during the installation process by default. The basis for encryption is a secret phrase that gets transformed into the file .
The transformation of the site secret into the imk.dat files differs, depending on whether encryption is set to FIPS 140 mode.
Therefore, all clients and servers using an imk.dat file must be set to the same FIPS 140 mode.
The Domain manager application use the site secret to:
- Encrypt passwords in the configuration files.
- Encrypt passwords for SNMP v3 devices in the seed files.
- Encrypt connections between programs.
During installation, encryption is enabled with a default secret phrase. This phrase is:
Not a secret
The imk.dat file can be copied. The imk.dat is located in the BASEDIR/smarts/local/conf directory.
To raise the level of security, change the secret phrase by using the sm_rebond utility. Thereafter, change the secret phrase periodically to maintain a secure system.