Sun Microsystems 820433510 Workingwith the Master Password and Keystores, Changing the AdminPassword

Caution– At this point in time, server instances that are running must not be started and

runningserver instances must not be restarted until the SMP on their corresponding node

agenthas been changed. If a server instance is restarted before changing its SMP,it will fail to

comeup.

3. Stopeach node agent and its related servers one at a time. Run the asadmin

change-master-passwordcommand again, and then restart the node agent and its related

4. Continuewith the next node agent until all node agents have been addressed. In this way, a

rollingchange is accomplished.

Whena node agent associated with the domain is created, the node agent synchronizes the data

withdomain. While doing so, the keystore is also synchronized. Any server instance controlled

bythis node agent needs to open the keystore. Since the store is essentially identical to the store

thatwas created by the domain creation process, it can only be opened by an identical master

password.But the master password itself is never synchronized, meaning it is not transmitted to

thenode agent during the synchronization, but needs to be available with the node agent

locally.This is why creation and/or starting of a node agent prompts you for the master

passwordand you need to enter the same password that you entered while creating/starting the

domain.If the master password is changed for a domain, you will have to perform the same step

tochange it at every node agent that is associated with this domain.

ManagingSecurity of Passwords