PasswordUtilCommands group for the AdminTask object

Use the PasswordUtilCommands group to configure password encryption by using the Jython or Jacl scripting languages in the wsadmin tool. You can enable, disable, or modify password encryption, and manage the keystore for password encryption.

The PasswordUtilCommands command group for the AdminTask object includes the following commands:

enablePasswordEncryption

Generates and configures the key file and the passwordUtil.properties file, both of which are required for Advanced Encryption Standard (AES) password encryption.

Target object

None.

Required parameters

None.

Optional parameters

-clientPropsLocation
Supplies the path name for the properties files to be created for the client environment. For the server environment, do not set the value because the location of the properties files is predefined as CONFIG_ROOT/cells/cell_name and cannot be changed. (String, optional)
-defaultAlgorithm
Sets the default password encoding algorithm. The available values are custom when custom encryption is enabled, xor, or aes. The default is aes. (String, optional)

[9.0.5.24 or later] Newly supported valid values are aes-128 and aes-256. These values can be specified instead of aes. Currently, aes defaults to aes-128, but this default is planned to change to aes-256 in the future.

-aesKeystore
Sets the fully qualified keystore file name. The default file is AESKey.jceks and is located in the directory that is specified on the clientPropsLocation parameter. (String, optional)
-aesKeystorePassword
Supplies the password for the AES keystore file. If no password is specified, a randomly generated password is used. (String, optional)
-aesCurrentAlias
Supplies the alias name of the key for AES encryption. The default is the newest key that was generated in the cell. Acceptable characters for the alias name are alphanumeric characters. Alphabetic characters must be lowercase. Any alphabetic uppercase characters are converted to lowercase. (String, optional)
-aesAlias
Supplies the alias name of the key to be generated. The default alias name is the cell name with a time stamp. Acceptable characters for the alias name are alphanumeric characters. Alphabetic characters must be lowercase. Any alphabetic uppercase characters are converted to lowercase. (String, optional)
-aesGenerateKeystore
Specifies whether the AES keystore is generated. The default is true. (Boolean, optional)
-aesCustomKeyManager
Supplies the custom AES Key Manager class name. (String, optional)
-updatePws
Specifies whether the default encoding algorithm encrypts all the passwords in the config directory. The default is true. (Boolean, optional)
-forceGeneration
Specifies whether the existing keystore and properties files are overwritten. The default is false, which means that the files are not overwritten. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask enablePasswordEncryption {-aesKeystorePassword WebAS}
  • Using Jython string:
    AdminTask.enablePasswordEncryption('[-aesKeystorePassword WebAS]')
  • Using Jython list:
    AdminTask.enablePasswordEncryption(['-aesKeystorePassword', 'WebAS'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask enablePasswordEncryption {-interactive}
  • Using Jython:
    AdminTask.enablePasswordEncryption('-interactive')

modifyPasswordEncryption

Modifies the configuration of the password encryption. The original value is unchanged unless the value is set by the parameter. To change the value to the default, use a blank string ('').

Target object

None.

Required parameters

None.

Optional parameters

-clientPropsLocation
Supplies the path name for the passwordUtil.properties file of the client environment to be modified. The properties file must exist in the specified location. Do not set the value for the server environment because the location of the properties files is predefined as CONFIG_ROOT/cells/cellName and cannot be changed. (String, optional)
-defaultAlgorithm
Sets the default password encoding algorithm. The available values are custom when custom encryption is enabled, xor, or aes. The default is aes. (String, optional)

[9.0.5.24 or later] Newly supported valid values are aes-128 and aes-256. These values can be specified instead of aes. Currently, aes defaults to aes-128, but this default is planned to change to aes-256 in the future.

-aesKeystore
Sets the fully qualified keystore file name. This file must exist. The default keystore file name is in the passwordUtil.properties file. (String, optional)
-aesNewKeystorePassword
Supplies a new password for the AES keystore file. (String, optional)
-aesCurrentAlias
Supplies the alias name of the key for AES encryption. The default is the newest key that was generated in the cell. Acceptable characters for the alias name are alphanumeric characters. Alphabetic characters must be lowercase. Any alphabetic uppercase characters are converted to lowercase. (String, optional)
-aesCustomKeyManager
Supplies the custom AES Key Manager class name. (String, optional)
-updatePws
Specifies whether the default encoding algorithm encrypts all the passwords in the config directory. The default is true. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask modifyPasswordEncryption {-aesNewKeystorePassword newPassword}
  • Using Jython string:
    AdminTask.modifyPasswordEncryption('[-aesNewKeystorePassword newPassword]')
  • Using Jython list:
    AdminTask.modifyPasswordEncryption(['-aesNewKeystorePassword', 'newPassword'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask modifyPasswordEncryption {-interactive}
  • Using Jython:
    AdminTask.modifyPasswordEncryption('-interactive')

disablePasswordEncryption

Disables the configuration of the password encryption. As a result, the values of xor or custom are used for the encryption algorithm.

Target object

None.

Required parameters

None.

Optional parameters

-clientPropsLocation
Supplies the path name for the passwordUtil.properties file of the client environment to be disabled. The properties file must exist in the specified location. Do not set the value for the server environment because the location of the properties files is predefined as CONFIG_ROOT/cells/cellName and cannot be changed. (String, optional)
-defaultAlgorithm
Sets the default password encoding algorithm. The available values are xor or custom when custom encryption is enabled. The default value is xor. This value is ignored when the deleteAesFiles parameter is not set or is set as true. (String, optional)
-deleteAesFiles
Deletes the passwordUtil.properties file and the associated AES keystore file. The default is true. (Boolean, optional)
-updatePws
Specifies whether the default encoding algorithm encrypts all the passwords in the configuration directory. The default is true. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask disablePasswordEncryption {-deleteAesFiles false}
  • Using Jython string:
    AdminTask.disablePasswordEncryption('[-deleteAesFiles false]')
  • Using Jython list:
    AdminTask.disablePasswordEncryption(['-deleteAesFiles', 'false'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask disablePasswordEncryption {-interactive}
  • Using Jython:
    AdminTask.disablePasswordEncryption('-interactive')

deletePasswordEncryptionKey

Deletes an AES encryption key from the keystore file. This command is disabled when the custom KeyManager class is used.

The name of the key that is stored in the keystore file is an AES alias. The AES alias name uniquely identifies the key that is used for encryption or decryption. You can obtain the list of AES aliases in the keystore by running the listPasswordEncryptionKeys command.

Target object

None.

Required parameters

-aesAlias
Supplies the alias name of the key to be deleted. (String, required)

Optional parameters

-clientPropsLocation
Supplies the path name for the passwordUtil.properties file of the client environment that specifies the location of the keystore file. The properties file must exist in the specified location. Do not set the value for the server environment because the location of the properties files is predefined as CONFIG_ROOT/cells/cellName and cannot be changed. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask deletePasswordEncryptionKey {-aesAlias key1}
  • Using Jython string:
    AdminTask.deletePasswordEncryptionKey('[-aesAlias key1]')
  • Using Jython list:
    AdminTask.deletePasswordEncryptionKey(['-aesAlias', 'key1'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask deletePasswordEncryptionKey {-interactive}
  • Using Jython:
    AdminTask.deletePasswordEncryptionKey('-interactive')

listPasswordEncryptionKeys

Displays the list of key alias names and the current encryption key in the specified keystore file. The first item in the list is the current encryption key.

The current encryption key is the AES alias name that is used for encrypting passwords. This AES alias cannot be deleted.

Target object

None.

Required parameters

None.

Optional parameters

-clientPropsLocation
Supplies the path name for the passwordUtil.properties file of the client environment that specifies the location of the keystore file. The properties file must exist in the specified location. Do not set the value for the server environment because the location of the properties files is predefined as CONFIG_ROOT/cells/cellName and cannot be changed. (String, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask listPasswordEncryptionKeys
  • Using Jython:
    AdminTask.listPasswordEncryptionKeys()

Interactive mode example usage:

  • Using Jacl:
    $AdminTask listPasswordEncryptionKeys {-interactive}
  • Using Jython:
    AdminTask.listPasswordEncryptionKeys('-interactive')

regenPasswordEncryptionKey

Generates a new AES password encryption key, sets it as the current key for the encryption, and then updates the passwords with the new key. This command is disabled when the custom KeyManager class is used.

Target object

None.

Required parameters

None.

Optional parameters

-clientPropsLocation
Supplies the path name for the passwordUtil.properties file of the client environment that specifies the location of the keystore file. The properties file must exist in the specified location. Do not set the value for the server environment because the location of the properties files is predefined as CONFIG_ROOT/cells/cellName and cannot be changed. (String, optional)
-aesAlias
Supplies the alias name of the key to be generated. The default alias name is the cell name with a time stamp. Acceptable characters for the alias name are alphanumeric characters. Alphabetic characters must be lowercase. Any alphabetic uppercase characters are converted to lowercase. (String, optional)
-deleteOldKey
Deletes the previous encryption key when this parameter is set to true. The default is false. (Boolean, optional)
-updatePws
Specifies whether the default encoding algorithm encrypts all the passwords in the .xml files in the configuration directory. The default is true. (Boolean, optional)

Examples

Batch mode example usage:

  • Using Jacl:
    $AdminTask regenPasswordEncryptionKey {-deleteOldKey true}
  • Using Jython string:
    AdminTask.regenPasswordEncryptionKey('[-deleteOldKey true]')
  • Using Jython list:
    AdminTask.regenPasswordEncryptionKey(['-deleteOldKey', 'true'])

Interactive mode example usage:

  • Using Jacl:
    $AdminTask regenPasswordEncryptionKey {-interactive}
  • Using Jython:
    AdminTask.regenPasswordEncryptionKey('-interactive')
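
Key rotation example

The following Jython script is an added example, not IBM sample code. It combines regenPasswordEncryptionKey, listPasswordEncryptionKeys, and deletePasswordEncryptionKey into one rotation step that keeps the old keys unless purging is requested. The helper names and the alias cell01key2 are hypothetical, and the script assumes that listPasswordEncryptionKeys returns one alias per line.

```python
# Added example, not IBM sample code. Runs under wsadmin -lang jython or plain Python.
import re

_ALIAS_RE = re.compile(r'[a-z0-9]+\Z')


def normalize_alias(alias):
    """Documented alias rule: alphanumeric only; uppercase is folded to lowercase."""
    folded = alias.lower()
    if not _ALIAS_RE.match(folded):
        raise ValueError('alias must be alphanumeric: %r' % alias)
    return folded


def regen_args(new_alias=None, delete_old_key=False, update_pws=True):
    """Jython list form of the regenPasswordEncryptionKey parameters."""
    args = ['-deleteOldKey', str(delete_old_key).lower(),
            '-updatePws', str(update_pws).lower()]
    if new_alias is not None:
        args += ['-aesAlias', normalize_alias(new_alias)]
    return args


def stale_aliases(list_output):
    """Every alias except the first one, which is the current key.

    ASSUMPTION: listPasswordEncryptionKeys returns one alias per line.
    """
    aliases = [ln.strip() for ln in list_output.splitlines() if ln.strip()]
    return aliases[1:]


def rotate(admin_task, new_alias=None, purge=False):
    """Regenerate the key; return the stale aliases, deleting them if purge is set."""
    admin_task.regenPasswordEncryptionKey(regen_args(new_alias))
    stale = stale_aliases(admin_task.listPasswordEncryptionKeys())
    if purge:
        for alias in stale:
            admin_task.deletePasswordEncryptionKey(['-aesAlias', alias])
    return stale


# In wsadmin the AdminTask object is predefined, so a rotation run is:
#   print(rotate(AdminTask, 'cell01key2'))   # 'cell01key2' is a made-up alias
```

With purge left at false, the script only reports the non-current aliases, so they can be reviewed before any key is deleted.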