Encrypt passwords

Passwords can be encrypted for both the host and the client by using the AES_256 algorithm (AES with a 256-bit key).

On the host side, passwords can be encrypted (and decrypted for verification during authentication) by using a host key, a symmetric key stored on the host in encrypted form. You can choose an encryption key in a keystore to be the host key.

On the client side, the nzpassword command is used to store the user passwords. Individual clients have unique client keys to encrypt the user passwords. For more information about nzpassword usage, see the IBM® Netezza® Database User’s Guide.

When nzpassword is used for the first time, it generates a native client key, which is stored on the client machine and serves to encrypt the user passwords on the client. The administrator does not choose this key; it is generated by the system.

Note: The keystore encryption process and utilities are not related to the Netezza Performance Server SQL Extensions toolkit encryption functions.