Masking passwords in External Security Manager properties files
WebSphere Application Server has an encoding mechanism to mask the passwords and remove all comments from the production versions of properties files.
Perform the following steps to mask passwords and/or change masked passwords:
Note: Masking passwords is optional and is only valid for the following scenarios:
- Configuring IBM® Tivoli® Access Manager for e-business to perform authorization
- Configuring the Credential Vault adapter for Tivoli Access Manager
- Configuring Computer Associates eTrust SiteMinder to perform authorization
- Complete all edits to the two Services.
- Save your changes.
- Run the appropriate task from the wp_profile_root/bin directory to encode the password for a specific parameter within your properties file:

| Option | Description |
|---|---|
| Windows | PropFilePasswordEncoder.bat filename param_name |
| Linux | ./PropFilePasswordEncoder.sh filename param_name |

where filename is the name of the target properties file for password encoding and param_name is the name of the specific property to be encoded. If no property name is specified, all properties in the file will be encoded. The following parameters are likely to contain secure information and should be encoded:
- ExternalAccessControl.pdpw (policy director password)
- ExternalAccessControl.password
- ExternalAccessControl.Agentsecret
- pdpw
- Perform the following steps to change masked passwords:
- Use the WebSphere Application Server encoding mechanism to enter the new password in clear text.
- Run the WebSphere Application Server encoding batch file on the new production file. The backup copy still exists with no password but with the comments preserved.
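
A check to run after PropFilePasswordEncoder, as an added example that is not part of the IBM documentation: it reports which of the parameters listed above still hold a clear-text value in a properties file. It assumes encoded values begin with the `{xor}` prefix; the function names and the sample file contents are hypothetical.

```shell
#!/bin/sh
# Parameter names listed on this page as likely to hold secrets.
SENSITIVE_PARAMS='ExternalAccessControl.pdpw ExternalAccessControl.password ExternalAccessControl.Agentsecret pdpw'
# Assumption: the encoder marks encoded values with this prefix.
ENCODED_PREFIX='{xor}'

# Print each sensitive key in file $1 whose non-empty value lacks the prefix.
unmasked_params() {
    awk -v names="$SENSITIVE_PARAMS" -v prefix="$ENCODED_PREFIX" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }       # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (!match(line, /[ \t]*[=:][ \t]*/)) next   # first key/value separator
            key = substr(line, 1, RSTART - 1)
            val = substr(line, RSTART + RLENGTH)
            sub(/[ \t\r]+$/, "", val)
            if ((key in want) && val != "" && index(val, prefix) != 1) print key
        }' "$1"
}

# Return 0 only when no sensitive parameter is left unencoded.
check_masked() {
    left=$(unmasked_params "$1")
    if [ -n "$left" ]; then
        printf 'still in clear text in %s:\n%s\n' "$1" "$left" >&2
        return 1
    fi
    return 0
}

# Constructed sample file (hypothetical values, not a real configuration).
write_sample() {
    cat > "$1" <<'EOF'
# comment that the encoder would strip
example.other=value
ExternalAccessControl.pdpw={xor}Y29uc3RydWN0ZWQ=
ExternalAccessControl.password = changeit
ExternalAccessControl.Agentsecret=
pdpw: cleartext-example
EOF
}

sample=$(mktemp)
write_sample "$sample"
check_masked "$sample" || echo "encode the listed parameters and re-run"
rm -f "$sample"
```

Masking is an encoding rather than encryption, so the properties file still needs restrictive file permissions after the check passes.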