Why and when to perform this task
The WebSphere Application Server has several plain text passwords. These passwords are not encrypted, but are encoded. The following is a list of files with encoded passwords:File name | Additional information |
---|---|
security.xml | The following fields contain encoded passwords:
|
sas.client.props | |
war/WEB-INF/ibm_web_bnd.xml | Specify passwords for the default basic authentication for the "resource-ref" bindings within all descriptors (except in the Java crytography architecture) |
ejb jar/META-INF/ibm_ejbjar_bnd.xml | Specify passwords for the default basic authentication for the "resource-ref" bindings within all descriptors (except in the Java crytography architecture) |
client jar/META-INF/ibm-appclient_bnd.xml | Specify passwords for the default basic authentication for the "resource-ref" bindings within all descriptors (except in the Java crytography architecture) |
ear/META-INF/ibm_application_bnd.xml | Specify passwords for the default basic authentication for the "run as" bindings within all descriptors |
server.xml | The following fields contain encoded passwords:
|
resource.xml (for cells, servers, and nodes) | The following fields contain encoded passwords:
|
ws-security.xml | |
ibm-webservices-bnd.xmi | |
ibm-webservicesclient-bnd.xmi | |
/properties/soap.client.props | |
/properties/sas.tools.properties | |
/properties/sas.stdclient.properties | |
wsserver.key |
Steps for this task
If you are re-encoding SAS properties files, type PropFilePasswordEncoder "file_name" -sas and the PropFilePasswordEncoder file encodes the known SAS properties.
If you are encoding files that are not SAS properties files, type PropFilePasswordEncoder "file_name" password_properties_list
"file_name" is the name of the z/SAS properties file. password_properties_list is the name of the properties to encode within the file.
Use the PropFilePasswordEncoder utility to encode WebSphere Application Server password files only. The utility cannot encode passwords contained in XML files or other files that contain open and close tags.
Results
If you reopen the affected file or files, the passwords do not display in plain text. Instead, the passwords appear encoded. WebSphere Application Server does not provide a utility for decoding the passwords.