The PropFilePasswordEncoder command
encodes passwords that are located in plain text property files. This
command encodes both Secure Authentication Server (SAS) property files
and non-SAS property files. After you encode the passwords, a decoding
command does not exist.
Avoid trouble: If you need to custom encode passwords
in property files, manually edit the PropFilePasswordEncoder.sh or
PropFilePasswordEncoder.bat file before issuing this command. See
the topic Implementing custom password encryption for a description
of the lines that need to be added to this file.
gotcha
Note: To enable
PropFilePasswordEncoder to print out more a debug message than in
previous releases, update the command by entering the following:
-Dcom.ibm.websphere.security.passwordEncoderDebug=true
To run this script, your user profile
must have *ALLOBJ authority.
Syntax
Parameters
The following option is available
for the PropFilePasswordEncoder command:
fileName
- This required parameter specifies the name of the file in which
passwords are encoded.
- passwordPropertiesList
- This parameter is required if you are encoding passwords in property
files other than the sas.client.props file. Specify
one or more password properties that you want to encode. The password
properties list should be delimited by commas.
- -SAS
- This parameter is required if you are encoding passwords in the sas.client.props file.
-profileName
- This parameter is optional. The profile value specifies an application
server profile name. The script uses the password encoding algorithm
that it retrieves from the specified profile. If you do not specify
this parameter, the script uses the default profile.
- -noBackup
- This parameter is optional and the default. The script does not
create a backup file. The default value can be altered by adding following Java System Property: "-Dcom.ibm.websphere.security.util.createBackup=true".
- -Backup
- This parameter is optional. The script creates a backup file, <file_name>.bak,
which contains passwords in clear text.
- -help or -?
- If you specify this parameter, the script ignores all other parameters
and displays usage text.
![[IBM i]](../images/iseries.gif)
The following command encodes the passwords in
the
soap.client.props file for the default stand-alone
application server profile:
app_server_root/bin/PropFilePasswordEncoder
profile_root/default/properties/soap.client.props
com.ibm.SOAP.loginPassword,com.ibm.ssl.keyStorePassword,com.ibm.ssl.trustStorePassword
Attention: These commands are displayed on multiple lines for
illustrative purposes only.