InfoCenter Home >
6: Administer applications >
6.6: Tools and resources quick reference >
6.6.0: About user assistance >
6.6.0.2: Command line administration >
6.6.0.2.1: XMLConfig command line interface for XML configuration >
6.6.0.2.1.3: XMLConfig - Using the tool programmatically >
6.6.0.2.1.3.1: XMLConfig - Passwords and variable substitution

6.6.0.2.1.3.1: XMLConfig - Passwords and variable substitution

Passwords are required for the WebSphere security configuration, but exposing passwords during an XML import or export by putting an unencrypted password in the XML text file would create an unacceptable security risk. Thus, WebSphere Application Server uses special password tags in the exported XML file that signify XML variables that replace the real passwords during an import. Consequently, the passwords are only part of the XMLConfig command line, which you can clear after invoking the utility.

Three of the password variables have constant names while the others depend on the name to what they are related. The three constant variable names are:

server-password

This is the password for the ID that has all permissions and rights to access the administrative server. It is the password that is entered during the installation process, and the one that appears on the User Registry tab of the Configure Global Security Settings task.

ltpa-password

This is the password for generating LTPA keys. It is the password entered on the LTPA Password dialog when changing the Authentication Mechanism to LTPA for the first time.

ldap-bindpwd

This is the password that the security server will use to bind to an LDAP directory during searches. It is the password entered on the User Registry tab of the Configure Global Security Settings task when LTPA is the Authentication Mechanism.

<enterprise app name>_AppSecurityPwd [where <enterprise app name> is the name of an enterprise application with a defined application identity]

This is the password associated with the identity defined as the application identity. Application identities are set on the last panel of the Configure Application Security task and are limited to users defined in the configured user registry.

All password variables must be substituted on the XMLConfig command line using the -substitute parameter. Multiple substitutions are separated by a semicolon. For example, the server-password and LTPA-password variables may be substituted with the following command line:

XMLConfig -import was.xml -adminNodeName myhost -substitute "server-password=pwd1;LTPA-password=pwd2"
Go to previous article: XMLConfig - Using the tool programmatically Go to next article: XMLConfig - User registry searches

 

 
Go to previous article: XMLConfig - Using the tool programmatically Go to next article: XMLConfig - User registry searches