Managing Security of Passwords

Caution – At this point, do not start any server instance, and do not restart any running server instance, until the SMP on its corresponding node agent has been changed. A server instance that is restarted before its SMP is changed will fail to come up.

3. Stop each node agent and its related servers one at a time. Run the asadmin change-master-password command again, and then restart the node agent and its related servers.

4. Continue with the next node agent until all node agents have been addressed. In this way, a rolling change is accomplished.
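The rolling change in steps 3 and 4 can be scripted as below. This is an added example, not part of the Sun manual. It assumes the `stop-node-agent` and `start-node-agent` subcommands take the node agent name as their operand and that stopping a node agent also stops its servers; the agent names are supplied by the operator.

```shell
#!/bin/sh
# Added example: rolling master-password change, one node agent at a time.
# ASADMIN may be overridden with a full path; defaults to asadmin on PATH.
ASADMIN="${ASADMIN:-asadmin}"

# change_one AGENT: stop the agent, change its master password, restart it.
# Returns the number of the failing step and does NOT restart the agent,
# because servers started against a stale master password fail to come up.
change_one() {
    agent="$1"
    echo "== $agent: stopping node agent (assumed to stop its servers too)"
    $ASADMIN stop-node-agent "$agent" || return 1
    # asadmin prompts for the passwords; nothing secret is placed on argv.
    echo "== $agent: changing master password"
    $ASADMIN change-master-password "$agent" || return 2
    echo "== $agent: restarting node agent"
    $ASADMIN start-node-agent "$agent" || return 3
}

# rolling_change AGENT...: handle agents strictly in order, halt on first error
# so a failure on one node never spreads to the agents not yet processed.
rolling_change() {
    for agent in "$@"; do
        change_one "$agent" || {
            rc=$?
            echo "!! $agent failed at step $rc; remaining agents untouched" >&2
            return "$rc"
        }
    done
}

# Run only when node agent names are given on the command line.
if [ "$#" -gt 0 ]; then
    rolling_change "$@"
fi
```

A non-zero exit identifies the step that failed (1 stop, 2 password change, 3 restart) on the agent named in the error line.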

Working with the Master Password and Keystores

The master password is the password for the secure keystore. When a new application server domain is created, a new self-signed certificate is generated and stored in the relevant keystore, which is locked using the master password. If the master password is not the default, the start-domain command prompts you for the master password. Once the correct master password is entered, the domain starts.

When a node agent associated with the domain is created, the node agent synchronizes its data with the domain. While doing so, the keystore is also synchronized. Any server instance controlled by this node agent needs to open the keystore. Since the store is essentially identical to the store that was created by the domain creation process, it can only be opened with an identical master password. But the master password itself is never synchronized: it is not transmitted to the node agent during synchronization and must be available locally on the node agent. This is why creating and/or starting a node agent prompts you for the master password, and you need to enter the same password that you entered while creating/starting the domain. If the master password is changed for a domain, you will have to perform the same step to change it at every node agent that is associated with this domain.

Changing the Admin Password

Encrypting the admin password is discussed in “Managing Security of Passwords” on page 99. Encrypting the admin password is strongly encouraged. If you want to change the admin password before encrypting it, use the change-admin-password command.

Consult the Admin Console online help for instructions on changing the admin password using the Admin Console.

Chapter 9 • Configuring Security

Sun Microsystems 820433510 manual Changing the Admin Password, Working with the Master Password and Keystores