WebSphere Application Server Network Deployment, Version 6.0.x
Operating Systems: AIX, HP-UX, Linux, Solaris, Windows

Disabling custom password encryption

Before you begin

Enable custom password encryption.

Why and when to perform this task

If custom password encryption fails or is no longer required, perform this task to disable custom password encryption.

Complete the following steps to disable custom password encryption:

Steps for this task

  1. Change the com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled property to false in the security.xml file, but leave the com.ibm.wsspi.security.crypto.customPasswordEncryptionClass property configured. Any passwords in the model that still have the {custom:alias} tag are decrypted by using the custom password encryption class.
  2. If an encryption key is lost, any passwords that are encrypted with that key cannot be retrieved. To recover a password, retype the password in the password field in plaintext and save the document. The new password must be written out using encoding with the {xor} tag with scripting or from the administrative console.

    com.ibm.wsspi.security.crypto.customPasswordEncryptionClass=com.acme.myPasswordEncryptionClass
    com.ibm.wsspi.security.crypto.customPasswordEncryptionEnabled=false

  3. Restart all processes to make the changes effective.
  4. Edit each configuration document that contains an encrypted password and save the configuration. All password fields are then run through the WSEncoderDecoder utility, which calls the plug point in the presence of the {custom:alias} tag. The {xor} tags display in the configuration documents again after the documents are saved.
  5. Decrypt and encode any passwords that are in client-side property files using the PropsFilePasswordEncoder.bat(sh) utility. If the encryption class is specified, but custom encryption is disabled, running this utility converts the encryption to encoding and causes the {xor} tags to display again.
  6. Disable custom password encryption from the client Java virtual machines (JVMs) by adding the system properties listed previously to all client scripts. With these properties set, the code can still decrypt passwords, but it does not encrypt them again. The {xor} algorithm becomes the default for encoding. Leave the custom password encryption class defined for a time in case any encrypted passwords still exist in the configuration.

Result

Custom password encryption is disabled.
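
Before the custom password encryption class is finally removed, it helps to confirm that no {custom:alias} values remain in any configuration document or client-side property file. The following check is an added example, not part of the IBM documentation: it walks a directory tree and reports every file that still contains a {custom:alias} tag. The function names, the sample.client.props file name, and all attribute names, aliases and values in the sample tree are constructed for illustration.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Tag formats named on the page: {xor} and {custom:alias}.
TAG_RE = re.compile(r"\{(xor|custom:[^}]*)\}")

def classify(text):
    """Count each password tag found in text, keyed by 'xor' or 'custom:<alias>'."""
    return Counter(m.group(1) for m in TAG_RE.finditer(text))

def pending_custom(root, patterns=("*.xml", "*.props")):
    """Map each file under root that still holds {custom:alias} values to per-alias counts."""
    pending = {}
    for pattern in patterns:
        for path in sorted(Path(root).rglob(pattern)):
            counts = classify(path.read_text(encoding="utf-8", errors="replace"))
            custom = {tag: n for tag, n in counts.items() if tag.startswith("custom:")}
            if custom:
                pending[path.relative_to(root).as_posix()] = custom
    return pending

def demo():
    """Scan a constructed configuration tree (sample values, not real passwords)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        cell = root / "cells" / "demoCell"
        cell.mkdir(parents=True)
        # Constructed: one value already re-saved ({xor}), one not yet ({custom:...}).
        (cell / "security.xml").write_text(
            '<registry bindPassword="{xor}CONSTRUCTED1"/>\n'
            '<keystore password="{custom:keyA}CONSTRUCTED2"/>\n')
        (cell / "resources.xml").write_text('<auth password="{xor}CONSTRUCTED3"/>\n')
        (root / "sample.client.props").write_text(
            "loginPassword={custom:keyA}CONSTRUCTED4\n"
            "trustStorePassword={custom:keyB}CONSTRUCTED5\n")
        return pending_custom(root)

if __name__ == "__main__":
    for name, aliases in demo().items():
        print(name, aliases)
```

An empty result from pending_custom means every tagged password under the scanned root has been converted to {xor}; any file it lists still depends on the custom class and its key.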



Related concepts
Plug point for custom password encryption

Related tasks
Enabling custom password encryption


Last updated: Dec 11, 2005 4:07:15 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tsec_disable_custpass_encrypt.html

© Copyright IBM Corporation 2005. All Rights Reserved.