Change passwords

 

+
Search Tips   |   Advanced Search

 

Contents

1. Change the WebSphere Portal administrator password
2. Change the WAS administrator password
   • Change using WebSphere Portal
   • Change password in LDAP
3. Deployment credentials
4. Database administrator password
5. Replace the WAS administrator user ID
6. LDAP administrator password within the Member Manager configuration
7. LDAP bind password
8. Change the WAS administrator password within the Member Manager configuration

 

Change the WebSphere Portal administrator password

1. Log in to WebSphere Portal as the portal administrator.

2. Click Edit My Profile.

3. Change the password in the appropriate box.

4. Click Continue.

We can change the WebSphere Portal Administrator password using an LDAP editor.

The WebSphere Portal configuration tasks that enable WebSphere security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.

 

Change the WAS administrator password

We can change the password for the WAS administrator user ID using the WAS Administrative Console.

See Change the deployment credentials after you change the password.

Use either the procedure to change the administrator password using WebSphere Portal or directly in LDAP as described in the next two sections to change the WAS administrator password.

 

Change the WAS administrator password using WebSphere Portal

1. Confirm that the WAS Administrative Server and Administrative Console are running.

2. Log in to the WAS Administrative Console as the WAS administrator.

3. Log in to WebSphere Portal as the WAS administrator and select Edit Profile.

4. Type a new password and click Continue.

5. In the WAS Administrative Console do one of the following, depending on the type of security installation:
   • LDAP:

     Security | Global Security | User registries | LDAP

   • Custom User registries:

     Security | Global Security | User registries | Custom

6. Change Server User Password to the new value and save the changes.

7. Restart the WebSphere Application Server.

The WebSphere Portal configuration tasks that enable WebSphere security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.

 

Change the WAS administrator password in LDAP

These steps are valid for changing all passwords in LDAP.

To change the WAS administrator password in LDAP if you are using IBM Tivoli Directory Server.

1. Log in to the Tivoli Directory Server Web Administration Tool.

2. Click...

   Directory management | Manage entries

3. Select the o=wps RDN and click Expand.

4. Select cn=users and click Expand.

5. Select the WAS administrator user and click Edit Attributes.

6. Click Other attributes.

7. Enter the new password in the userPassword field.

8. Click OK.

9. Exit the Tivoli Directory Server Web Administration Tool.

10. Log in to the WAS Administrative Console.

11. Click...

    Security | User Registries | LDAP

12. Type the new WAS administrator password in the Server User Password field and click OK.

13. Save the changes and restart the WAS.

The following steps are required if you are using a database user registry.

1. From the command prompt, cd to..

   cd portal_server_root/config/work/wmm/bin

2. Encrypt the new password...

   ./WPSconfig.sh -DPassword=new_password wmm-encrypt

   The script returns a value for the ASCII encrypted string.

3. Choose one of the following steps:
   • If you have a Base installation, edit...

     portal_server_root/wmm/wmmWASAdmin.xml

   • If you have a Network Deployment, refer to the Cluster section > Change Member Manager properties description.

4. Copy the value from the ASCII encrypted string and paste it in the logonPassword field of the wmmWASAdmin.xml file.

5. Restart WebSphere Portal.

 

Change the deployment credentials

The deployment credentials are required for portlet deployment. The Credential Vault stores the user ID and password in the deployment.user system vault slot. We can change the user ID and password through the Credential Vault portlet or the The XML configuration interface.

 

Change the database administrator password

If you change the password for the database administrative user, update the password information in the WAS administrative console.

 

Replace the WAS administrator user ID

To replace the WAS administrator user ID:

1. Create a new user to replace the current WAS user through the Manage Users and Groups portlet.

2. In the WAS Administrative Console do one of the following depending on the type of security installation:
   • LDAP: Click...

     Security | Global Security | User registries | LDAP

   • Custom User registries: Click...

     Security | Global Security | User registries | Custom

3. Replace the Security Server ID and Security Server Password with the new user account information from step 1. For the ID, retain the fully qualified server ID.

4. Restart WAS.

See Change the deployment credentials after you change the password.

 

Change the WAS administrator password within the Member Manager configuration

These steps are also required if you are using the Member Manager user registry.

1. Encrypt the new password:

   cd portal_server_root/config/work/wmm/bin
   ./WPSconfig.sh -DPassword=new_password wmm-encrypt

   The script returns a value for the ASCII encrypted string.

2. Choose one of the following steps:
   • If you have a Base installation, edit...

     portal_server_root/wmm/wmmWASAdmin.xml

   • If you have a Network Deployment, refer to Setting up a cluster.

3. Copy the value from the ASCII encrypted string and paste it in the logonPassword field of the wmmWASAdmin.xml file.

4. Adapt the admin logon and uniqueUserid fields to the distinguished name of the new user.

5. Restart WebSphere Portal.

If you use an external security manager such as Tivoli Access Manager, manually remove the old administrator user ID from the external security manager.

 

Change the LDAP administrator password within the Member Manager configuration

When you run the appropriate configuration tasks to enable security, WebSphere Portal encrypts your database and/or LDAP administrative passwords and stores them in...

portal_server_root/wmm/wmm.xml

Change these Member Manager passwords whenever you change the database or LDAP administrator password. This is accomplished by updating the wmm.xml file with the new encrypted password.

1. In a clustered environment, extract wmm.xml from the deployment manager machine...

   cd portal_server_root/config
   ./WPSconfig.sh check-out-wmm-cfg-files-from-dmgr

2. Encrypt the password...

   cd portal_server_root/config
   ./WPSconfig.sh wmm-encrypt -Dpassword=new_password

   The script returns a value for the ASCII encrypted string.

3. Edit...

   portal_server_root/wmm/wmm.xml

4. Copy the value from the ASCII encrypted string and paste it in the adminPassword field of the wmm.xml file.

5. In a clustered environment, check wmm.xml back into the deployment manager machine...

   cd portal_server_root/config
   WPSconfig.sh check-in-wmm-cfg-files-to-dmgr

If you also have changed the ID, you will want to run MemberFixer.

 

Change the LDAP bind password

If you are using LDAP as the user registry and did not configure Member Manager custom user registry, adapt the LDAP bind user ID using the WAS Administrative Console.

To change the LDAP bind password:

1. Confirm that the WAS Administrative Server and Administrative Console are running.

2. From the WAS Administrative Console, click...

   Security | Global Security | User registries | LDAP

3. Change the Bind Password to the new value and save the change.

4. Restart WAS.

 

Related information

• Database user registry
• Access Control
• WebSphere Portal logs

 

Parent topic:

Keeping the environment secure

 

---