By default, you need to supply the ID and password when starting up/shutting down the deployment manager, node or application server. Example of the command as below
Deployment Manager
//bin/startManager.sh -username XXX -password XXX
Node
//bin/startNode.sh -username XXX -password XXX
Application Server
//bin/startServer.sh -username XXX -password XXX
The steps to encrypt the password and ID is as follows.
Insert the ID and password in clear text into the SOAP properties file at //properties/soap.client.props.
# grep SOAP.login soap.client.props | grep -v “#”
com.ibm.SOAP.loginUserid=wasadm
com.ibm.SOAP.loginPassword=wasadm
com.ibm.SOAP.loginSource=prompt
We use the IBM provided script to encode the password.
//bin/PropFilePasswordEncoder.sh //profiles/default/properties/soap.client.props com.ibm.SOAP.loginPassword -Backup
Taking a look at the same property file again, the password is now encrypted.
# grep SOAP.login soap.client.props | grep -v “#”
com.ibm.SOAP.loginUserid=wasadm
com.ibm.SOAP.loginPassword={xor}Es4zPjwS
com.ibm.SOAP.loginSource=prompt
Now, we can start up websphere and shut down without using the password.
su wasadm -c “//bin/startManager.sh”
su wasadm -c “//bin/startNode.sh”
su wasadm -c “//bin/startServer.sh ”
su wasadm -c “//bin/stopManager.sh”
su wasadm -c “//bin/stopNode.sh”
su wasadm -c “//bin/stopServer.sh ”
end.
======================
Some trival.
How come IBM prefers to use XOR instead of some stronger algorithm like how weblogic uses 3DES? XOR is good enough only to prevent casual snooping.
Someone demonstrated that with a online decoder
http://www.poweredbywebsphere.com/decoder.html
Recent Comments