Update user ID and passwords
IBM WebSphere Portal and IBM WebSphere Application Server use some accounts from the registry (for example, the LDAP server) including administrative and bind IDs for authenticated access to databases and LDAP severs respectively, as well as the WebSphere Portal and WebSphere Application Server administrative IDs. Often this means the account passwords are stored in the WebSphere Portal and WebSphere Application Server bootstraps configuration files, which allows the authentication process to work.
Before updating any user ID or password, review "User IDs and passwords" located under Planning for WebSphere Portal.
If the password for any ID is changed (either through WebSphere Portal or through any other means, including directly through the LDAP administration interfaces), then the password value stored in the appropriate configuration file must be changed at the same time. The following instructions describe how to make the appropriate changes based on which account passwords might have changed.
If you reuse the same account ID/password for multiple purposes, such as using wpsbind as the administrative ID and the LDAP access ID, then we might have to do more than one of the following steps to accommodate the password change. Some changes, particularly changes made through the WAS admin console, require the WAS admin console is open and the current ID/password logged in before actually making the password change in the registry. Carefully plan which steps are required and in what order to avoid not being able to bring up server processes or log in.
Use the following topics to change passwords to better secure the environment.
- Change the WebSphere Portal administrator password
IBM WebSphere Portal treats wpsadmin (the administrator) as any other user, just with more permissions granted. With a normal configuration, it is possible to change the wpsadmin or equivalent password through the user interface, just like any other user can manage their own password through the user interface. However, if the wpsadmin account is also used for more than just the administrator, then additional changes, outlined in other steps in this section, must be made to accommodate the change.
- Change the WAS administrator password in the file registry
If we are using the file registry in the federation repository to store passwords, we need to change the passwords in the file registry.
- Change the WAS administrator password in the LDAP server using the LDAP administration interface
If we are using the IBM Directory Server or IBM SecureWay Security Server for z/OS and OS/390 LDAP server, we can change the WAS administrator password in the LDAP server using the LDAP administration interface. For any other LDAP server, refer to the product documentation for information about changing passwords.
- Replace the WAS administrator user ID
If we change the security configuration, we might need to replace the old IBM WebSphere Application Server administrator user ID with a new WebSphere Application Server administrator user ID.
- Replace the WebSphere Portal administrator user ID
If we change the security configuration, we might need to replace the old IBM WebSphere Portal administrator user ID with a new WebSphere Portal administrator user ID.
- Change the LDAP bind password
If we use an LDAP user registry, we must adapt the LDAP bind user ID.
- Change database passwords used by WebSphere Portal
If database passwords are modified or expired, we must specify the new passwords on the WAS and on the IBM DB2 Universal Databaseā¢ Enterprise Server Edition server so that IBM WebSphere Portal can access them.
Parent Securing