Managing account information

In addition to the WebSphere business integration administrator account with which you log in to administer the system, an InterChange Server environment requires three types of authorization:

Figure 18 illustrates the login requirements.

Figure 18. InterChange Server authorization requirements

The figure shows the authorization requirements for InterChange Server. The flow diagram begins in the upper left with a node called "InterChange Server Client Program" an arrow passes from this node to a large node called "InterChange Server" via a "Password" node. From the InterChange Server node two paths emerge: one leads via a "Username/Password" node to a "DBMS Server" node; the other passes through a node labelled "Connector" to a "Username/Password" node, which then passes on to a node labelled "Application".

The next sections describe each type of authorization that is shown in Figure 18..

Adapter login to the application

When role-based access control (RBAC) is active, an application client program such as an adapter must supply a user name and password in order to interact with the application. To set up an InterChange Server environment, you need application accounts for all IIOP and MQ adapters that you want to run. By default all such adapters have an application account with username guest and password guest. If RBAC is inactive the login accounts for all adapters are unused. In the current version of the server authentication is supported only for IIOP and MQ adapters, other types of adapters do not do not require login verification regardless of the RBAC status.

When you configure an adapter, you specify the application account name and password as values for the standard adapter properties, ApplicationUserName and ApplicationPassword. For more information about configuring an adapter, see the System Administration Guide.

InterChange Server password

A password protects each InterChange Server from unauthorized access only if RBAC is on. When RBAC is on, the password is required:

There is no default login account and you must create an account with a password prior to first accessing the InterChange Server.

Figure 19 illustrates the InterChange Server password.

Figure 19. InterChange Server password

The figure shows the instances where the InterChange Server password is required. Three nodes are displayed with connectors to the InterChange Server via a single node labelled "Default Password "null". The initial 3 nodes are labelled: "System Manager", "Connector" and "Load Repository".

For information on how to use System Manager to change the password, see the Implementation Guide for WebSphere InterChange Server.

In the UNIX environment with RBAC turned on, you must provide the ICS password for all tool scripts, including repos_copy and connector_manager_connector. Include the -ppassword option in these scripts. The script command line must contain the ICS password or the associated tool cannot start. When RBAC is switched off any login information is ignored, thus the same script can be used regardless of RBAC status.

DBMS access account

When you set up an InterChange Server account in the Database Management System (the DBMS access account), you can use the default user name and password or change them to other values.

If you prefer to change the user name and password, enter the new values in the InterChange Server configuration file, InterchangeSystem.cfg. The TRANSACTIONS, REPOSITORY, EVENT_MANAGEMENT, FLOW_MONITORING, and SECURITY sections of the InterchangeSystem.cfg file can contain a USER_NAME and PASSWORD parameter.

Be sure that the account that you specify in the InterchangeSystem.cfg file matches an account that is defined in the DBMS.

One DBMS server

If InterChange Server is using one data source, fill in the same user name and password for all five services.

The following is an InterchangeSystem.cfg file fragment that shows the user name interchange and the password server:

Note:
These examples are in text format to simplify the structure. As of InterChange Server 4.2, the InterchangeSystem.cfg file is in XML format.
DB2

[REPOSITORY]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
 
[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
 
[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
 
[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
 
[SECURITY]
DATA_SOURCE_NAME = jdbc:db2:CwldDB
USER_NAME = interchange
PASSWORD = server
Oracle

[REPOSITORY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server
 
[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server
 
[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server
 
[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server
 
[SECURITY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@myserver:1521:CWLD
USER_NAME = interchange
PASSWORD = server

Multiple DBMS servers

If you partition InterChange Server's database, as described under "Partitioning database use", you must add the user name and account for each data source to the InterchangeSystem.cfg file. You can use the same user name and password for all services or create a separate account for each service. The account must have the privilege to create tables.

The following example is an InterchangeSystem.cfg file fragment. In this environment, each service uses a different data source and has a different user name and password:

Note:
These examples are in text format to simplify the structure. As of InterChange Server 4.2, the InterchangeSystem.cfg file is in XML format.
DB2

[REPOSITORY]
DATA_SOURCE_NAME = jdbc:db2:ReposDB
USER_NAME = cwrepos
PASSWORD = passwrd1
 
[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:db2:EventsDB
USER_NAME = CWevent
PASSWORD = passwrd2
 
[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:db2:TransDB
USER_NAME = CWtrans
PASSWORD = passwrd3
 
[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:db2:FlowDB
USER_NAME = CWflow
PASSWORD = passwrd4
 
[SECURITY]
DATA_SOURCE_NAME = jdbc:db2:SecuDB
USER_NAME = CWSecu
PASSWORD = passwrd5
Oracle

[REPOSITORY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=ReposDB
USER_NAME = cwrepos
PASSWORD = passwrd1
 
[EVENT_MANAGEMENT]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;sid=EventsDB
USER_NAME = CWevent
PASSWORD = passwrd2
 
[TRANSACTIONS]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=TransDB
USER_NAME = CWtrans
PASSWORD = passwrd3
 
[FLOW_MONITORING]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=FlowDB
USER_NAME = CWflow
PASSWORD = passwrd4
 
[SECURITY]
DATA_SOURCE_NAME = jdbc:ibm-crossworlds:oracle://@server2:1521;SID=SecuDB
USER_NAME = CWsecu
PASSWORD = passwrd5

Copyright IBM Corp. 1997, 2004