WebSphere® Application Server has an encoding mechanism to mask the passwords and remove all comments from the production versions of properties files.
Refer to the following sections for detailed instructions:
- Masking Passwords in WebSphere Application Server
- Changing masked passwords
Masking passwords is optional and is only valid for the following scenarios:
- Configuring IBM® Tivoli® Access Manager for e-business to perform authorization
- Configuring the Credential Vault adapter for Tivoli Access Manager
- Configuring Computer Associates eTrust SiteMinder to perform authorization for WebSphere Portal
Masking Passwords in WebSphere Application Server
Use the WebSphere Application Server encoding mechanism to mask passwords and remove all comments from the production version of WebSphere Portal. If you are using Tivoli Access Manager, you will have additional processing in the credential vault service.
- Complete all edits to the two Services.
- Save your edits.
- Run the encoding batch file by entering the command for your operating system at a command line:
- Windows®: was_profile_root\\bin\\PropFilePasswordEncoder.bat filename property_name
- UNIX®: was_profile_root/bin/PropFilePasswordEncoder.sh filename property_name
- was_profile_root is the directory path of the WebSphere Application Server installation.
- filename is the name of the target properties file for password encoding.
- property_name is the name of the specific property to be encoded. If no property name is specified, all properties in the file will be encoded.
The following three properties, found in WebSphere Portal, are likely to contain secure information:
- ExternalAccessControl.pdpw (policy director password)
You should also secure the pdpw
property, found in the WebSphere Portal.
Changing masked passwords
To change a password that has been masked, do the following:
- Use the WebSphere Application Server encoding mechanism to enter the new password in clear text in the production version of WebSphere Portal.
- Run the WebSphere Application Server encoding batch file on the new production file, as described in Masking Passwords in WebSphere Application Server . The backup copy still exists with no password but with the comments preserved.
Parent topic: External security managers: qp85