Authentication using the ltoken

Authentication tokens are stored by kwauth and by Klocwork client applications in a special file in the user's home directory. This token, called the ltoken, is used to authenticate users with tools such as kwbuildproject, kwcheck and the Web API. You can find this file as follows:

  • Windows:C:\Users\<user_name>\.klocwork\ltoken
  • Unix:~/.klocwork/ltoken

If there is no ltoken file in your .klocwork directory, run kwauth to generate the file.

Overriding the default ltoken location

You can use a custom ltoken file location by setting the 'KLOCWORK_LTOKEN' environment variable. To populate the ltoken file, set 'KLOCWORK_LTOKEN' and authenticate using kwauth. The generated ltoken is stored in the specified location instead of the default location.

Tools requiring authentication use the ltoken location specified in the 'KLOCWORK_LTOKEN' environment variable, if set. Otherwise, it uses the default location.

This does not move or copy the original ltoken file, so you must re-authorize users with kwauth before other tools can be used.

kwauth Linux example:
1  > export KLOCWORK_LTOKEN=/space/myltokenfile
2  > kwauth
3  > Login: jsmith
4  > Password:
kwcheck Windows example:
1  > set KLOCWORK_LTOKEN=C:\space\myltokenfile
2  > kwcheck run
3  ...

Failing authentication if host name is not found

You can enable kwauth to fail authentication in the case where the server host name was not found in the certificate CN or Subject Alternative Name by setting the verifyCertificate option to true. Enabling this results in the following error message if the host name cannot be found:
Unable to authenticate using SSL with <url>
To set this value to true, create a 'client_config.xml' file in your {client_tools_install_folder}\config\ folder (if it does not already exist). The file must contain the following:
<?xml version="1.0" encoding="UTF-8"?>
     <host resolveHost="false" verifyCertificate="true"/>

Note that setting resolveHost="false" is not mandatory, but doing so can prevent the Klocwork Server from resolving the wrong FQDN as the Server will use whatever host you specify in a remote server URL.