System accounts and passwords

IBM® Content Manager uses several different accounts and passwords to access different components. These accounts and passwords are normally created during installation. Change the passwords in accordance with the security guidelines of your organization.

Shared connection ID account (ICMCONCT)

The shared connection ID is used by users who do not have individual DB2® user IDs. This account is an operating system user who should have minimal permissions. The password is saved as an encrypted string in the shared connection ID file.

To change the IBM Content Manager shared connection ID password, you can use the system administration client.

In the system administration client, click Tools > Manage Database Connection ID > Change Shared Database Connection ID to open the Change Shared Database Connection ID and Password window.

The default account name is ICMCONCT, but you can change that. If you rename the ICMCONCT user, substitute the new name for icmconct in the command to update the password.

Library server and administration database administrator accounts

A system can have multiple administrators, each with their own user IDs and passwords. The method for changing the password of an administrator depends on what type of administrator the account is and how the account was defined.

There are two types of administrators, superadministrators and subadministrators. Superadministrator accounts are always defined in the operating system. Subadministrator accounts can be defined in the operating system (with minimal permissions) or within the IBM Content Manager system. When defined in the operating system, these accounts should have only minimal permissions.

The icmadmin user ID is the library server database administrator ID for IBM Content Manager. It has the AllPrivs privilege set and is also a superadministrator for IBM Content Manager. However, icmadmin is only a suggested name for this ID. This ID can be changed during the installation and configuration of IBM Content Manager.

You might use WebSphere® Application Server custom password encryption to encrypt the library server database administrator passwords instead of the default BASE64 encoding. For example, you might use custom encryption for the default library server database account icmadmin. If you use custom password encryption, you must review information about changing the key file and decrypting and re-encrypting the password when you work with this account.

Resource manager database account

The resource manager accesses the database with this account, which is an operating system account on the system with the database. This account should have minimal permissions. The password is stored as an encrypted string in a file on the resource manager. To change the password, update the data source definition using the WebSphere Application Server administration console.

You might use WebSphere Application Server custom password encryption to encrypt the resource manager database passwords instead of the default BASE64 encoding. For example, you might use custom encryption for the default resource manager database account rmadmin. If you use custom password encryption, you must review information about changing the key file and decrypting and re-encrypting the password when you work with this account.

Resource manager administrator password

This password does not belong to an operating system account. The password is stored in the resource manager database and is stored as a property of the resource manager on the library server. It is stored as an encrypted string in both places. To change the resource manager administrator password, complete the following steps:

1. In the system administration client, click Server Definitions. Right-click the resource manager server in the details pane and select Properties. Change the password in the Password field in the Server Definition Properties window. This step changes the password stored on the resource manager.
2. Right-click your resource manager in the navigation pane and select Properties. Change the password in the Password field in the Resource Manager Properties window. This step saves the password in the library server.

Media archive password

This password, which does not belong to an operating system account, is stored as an encrypted string in the resource manager database. To change it:

1. Change the password on the media archive server.
2. Update the server definition properties for the media archive server in the system administration client.

Text search password

If you change the password for DB2 Text Information Extender or DB2 Net Search Extender, you must update the password in the system administration client. Update the password stored in the library server configuration information.

Tivoli Storage Manager password

This password, which does not belong to an operating system account, is stored as an encrypted string in the resource manager database. To change it:

1. Change the password in Tivoli® Storage Manager.
2. Update the server definition properties for the Tivoli Storage Manager server in the system administration client.

DB2 Content Manager VideoCharger password

This password, which does not belong to an operating system account, is stored as an encrypted string in the resource manager database. To change it:

1. Change the password in DB2 Content Manager VideoCharger.
2. Update the server definition properties for the DB2 Content Manager VideoCharger server in the system administration client.