Default users

When you install IBM® Security Key Lifecycle Manager, some default administrator users are created with the necessary permissions to administer the product.

Installation of IBM Security Key Lifecycle Manager provides default administrator user IDs of WASAdmin, SKLMAdmin, and sklmdb40.

The installation must be run by a local administrative ID, which is root for AIX or Linux systems or a member of the Administrators group on Windows systems. Do not use a domain user ID to install IBM Security Key Lifecycle Manager.

The following table provides the default user IDs and guidance on specifying their passwords. Also, see Password policy.

Table 1. Administrator user IDs and passwords
User	User ID	Password
IBM Security Key Lifecycle Manager administrator	SKLMAdmin As the primary administrator with full access to all operations, this user ID has the `klmSecurityOfficer` super user role, in the group that is named `klmSecurityOfficerGroup`. This user ID is not case-sensitive. Alternatively, use `sklmadmin`. Use the `SKLMAdmin` user ID to administer IBM Security Key Lifecycle Manager. With the `SKLMAdmin` user ID, you can: View and use the IBM Security Key Lifecycle Manager interface. Change the password for the IBM Security Key Lifecycle Manager administrator. However, you cannot: Create one or more extra IBM Security Key Lifecycle Manager administrator user IDs. Do WebSphere® Application Server administrator tasks such as creating or assigning a role. Start or stop the server.	Specify and securely store a password during installation.
WebSphere Application Server administrator	WASAdmin This user ID is not case-sensitive. Alternatively, use `wasadmin` or a user ID that you specify during installation. Do not use the: `SKLMAdmin` user ID to administer WebSphere Application Server. `WASAdmin` user ID to administer IBM Security Key Lifecycle Manager. The `WASAdmin` user ID has no roles to use IBM Security Key Lifecycle Manager. This administrator user ID is the WebSphere Application Server administrator user ID. With the `wasadmin` user ID, you can: View and use only the WebSphere Application Server interface. Create one or more extra IBM Security Key Lifecycle Manager administrator user IDs, groups, and roles. Reset the password of any IBM Security Key Lifecycle Manager user ID, including the `SKLMAdmin` administrator. Start and stop the server. However, you cannot: Use the IBM Security Key Lifecycle Manager to complete tasks. For example, you cannot create IBM Security Key Lifecycle Manager device groups. Do other tasks that require access to IBM Security Key Lifecycle Manager data. The `wasadmin` user ID does not have access to IBM Security Key Lifecycle Manager data as a superuser.	Specify and securely store a password during installation. Protect the `WASAdmin` user ID in the same way that you protect the use of the `SKLMAdmin` user ID. The `WASAdmin` user ID has authority to reset the `SKLMAdmin` password and to create and assign permissions to new IBM Security Key Lifecycle Manager users.
The IBM Security Key Lifecycle Manager Db2® database
Instance owner of the database	Windows, Linux, or AIX systems: The default value is `sklmdb40`. You might specify a different value during installation. The ID is the installation default user ID for the instance owner of the database. Do not specify a user ID greater than eight characters in length. The instance name is also `sklmdb40`. If you use an existing user ID as instance owner of the IBM Security Key Lifecycle Manager database, the user ID cannot own another database instance. Note: Do not use a hyphen (-) or underscore character (_) when you specify a user ID for an existing copy of Db2.	Specify and securely store a password during installation. This password is an operating system password. If you change the password on the operating system, you must change this password. For more information, see Resetting a password. .
Database instance	The administrator ID `sklmdb40` owns a Db2 instance named `sklmdb40`.