Changing passwords
Use the following instructions to change passwords to better secure the portal environment.
- Changing the WebSphere Portal administrator password
- Changing the WAS administrator password
- Replacing the WAS administrator user ID
- Changing the minimum length for user password in WebSphere Portal
- Changing the database administrator password
- Changing the Member Manager password ( change the Member Manager password whenever you change the database or LDAP administrator password)
- Related information
Changing the WebSphere Portal administrator password
- Log in to WebSphere Portal as the portal administrator.
- Click Edit my profile.
- Change the password in the appropriate box.
- Click Continue.
The WebSphere Portal configuration tasks that enable WebSphere security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.
Changing the WAS administrator password
You can change the password for the WAS administrator user ID via the WAS Administrative Console. For complete information about WAS security, including changing passwords for administrative accounts, see the WAS documentation.
You can also change the WAS administrator password using the procedures below. Changing the WAS administrator password using WebSphere Portal is the recommended procedure; however, this procedure works only if the WAS administrator and the WebSphere Portal administrator are the same.
Changing the WAS administrator password using WebSphere Portal
- Make sure the WAS Administrative Server and Administrative Console are running.
- Log in to the WAS Administrative Console as the WAS administrator.
- Log in to WebSphere Portal as the WAS administrator and select Edit Profile.
- Type a new password and click Continue.
- In the WAS Administrative Console do one of the following, depending on the type of security installation:
- LDAP: Click Security User Registries LDAP.
- Custom User Registry: Click Security User Registries Custom.
- Change Server User Password to the new value and save the changes.
- Restart WAS.
The WebSphere Portal configuration tasks that enable WebSphere security automatically set the Security Cache Timeout to a value specified in the wpconfig.properties file. Old passwords are stored in cache for this amount of time. The default value is 600 seconds.
Changing the WAS administrator password in LDAP
These instructions explain how to change the WAS administrator password in LDAP if you use IBM Directory Server. If you use a different type of LDAP server, refer to the product documentation for information about changing passwords.
- Log in to the IBM Directory Server Web Administration Tool.
- Click Directory management manage entries .
- Select the o=wps RDN and click Expand.
- Select cn=users and click Expand.
- Select the WAS administrator user and click Edit Attributes.
- Click Other attributes.
- Enter the new password in the userPassword field.
- Click OK.
- Exit the IBM Directory Server Web Administration Tool.
- Log in to the WAS Administrative Console.
- Click Security User Registries LDAP.
- Type the new WAS administrator password in the Server User Password field and click OK.
- In the WAS administrative console, select Security Global Security and click Reset.
Changing the minimum length for user password in WebSphere Portal
When modifying an existing user's profile, you change the user's password to a string of 4 characters and click Continue. You receive the following message: "Length has to be at least 5 characters." The default length is 5 characters. Follow these steps to change the password length:
- Open the puma.properties file for editing, which is located in wp_home/shared/app/config.
- Modify puma.PASSWORD.min=value to the required password length.
- Save the changes.
The minimum value for the password field is 1. Anything lower will cause the password modification to fail. This field also pertains to the new user registration process on the portal server. Finally, you can also set the maximum number of characters for a password string by using the puma.PASSWORD.max field.
Changing the database administrator password
If you change the password for the database administrative user, update the password information in the WAS administrative console. See the WAS documentation for details about modifying database passwords.When a user’s password is changed on an IBM® DB2® database server in an IBM Workplace™ Collaboration Services configuration, perform the steps below in the IBM WebSphere Administrative (Admin) Console to change all instances of the password.
- Change the password for each J2C Authentication Data Entry to allow the V5 data sources of WebSphere Portal to connect once the portal server is restarted.
- In the Admin Console, click Security -< JAAS Configuration -< J2C Authentication Data
- Change the password for the following roles: wmmDBAuth; wpsDBAuth; and fdbkDBAuth.
- Change the password for each of the V4 Data Sources, to allow the WPCP component of WebSphere Portal to connect to its data sources.
- In the Admin Console, click Resources-< JDBC Providers -< wpcp50 -< JDBC Data Sources (v4)
- Change the password for the following data sources: feedback5DS; brbDS; and wpcpdfd5.
Once you have saved the changes and restarted WebSphere Portal, be able to Test Connection for each data source.
- Optional (as instructed by IBM Support) If you have specified the user ID and password in the WCM.properties file, update the password: file:%was_home%\wpcp\config\WebSphere_Portal\author\WCM.properties
Replacing the WAS administrator user ID
- Create a new user via the Manage Users and Groups portlet. This new user will replace the current WAS user.
- In the WAS Administrative Console do one of the following, depending on the type of security installation:
- LDAP: Click Security User Registries LDAP
- Custom User Registry: Click Security User Registries Custom
- Replace the Security Server ID and Security Server Password with that new user account information from step 1. For the ID, retain the fully qualified server ID.
- Restart WAS.
If you use an external security manager such as Tivoli Access Manager, manually remove the old administrator user ID from the external security manager.
Changing the Member Manager password
When you run the appropriate configuration tasks to enable security, WebSphere Portal encrypts the database and LDAP administrative passwords and stores them in <wp_root>/shared/app/wmm/wmm.xml .
If you change the database password, update the datasource information using the WebSphere Administrative Console.
If you change the LDAP password, update the wmm.xml file with the new encrypted password by following the instructions below.
Follow these steps:
- From a command prompt, change to the <wp_root>/config/work/wmm/bin directory, where <wp_root> is the WebSphere Portal installation path.
- Encrypt the new password by entering the appropriate command:
where <new_password> is the new password.
- The script returns a value for the ASCII encrypted string.
- Open the <wp_root>/shared/app/wmm/wmm.xml file with a text editor.
- Copy the value from the ASCII encrypted string and place it in the adminPassword field of wmm.xml.
See also