Changing the various passwords
Change the password for several different types of users in the IBM® Cloud Orchestrator environment.
- Built-in users:
- Database users:
- Keystore:
- During installation and upgrade, IBM Cloud
Orchestrator passwords can
contain only the following characters:
a-z A-Z 0-9 ! ( ) - . _ ` ~ @
Restriction: The passwords cannot contain spaces. - If you use external database support, contact your database administrator to change the password according to the external IBM DB2® configuration.
- For information about how to change OpenStack passwords, see the documentation for your chosen OpenStack product; for example, see Changing passwords and secrets in the IBM Cloud Manager with OpenStack documentation.
Changing the bpm_admin and tw_admin passwords
The bpm_admin and tw_admin users are required by Business Process Manager for internal operations.
- Log in to WebSphere® Application
Server:
https://$ico_server:9043/ibm/console/logon.jsp
- Expand Users and Groups, and click Manage Users.
- Select bpm_admin.
- In the User Properties panel, set the password, confirm it, and click Apply.
- On the IBM Cloud Orchestrator Server,
change the configuration files as follows:
- Back up the configuration files:
- /opt/ibm/ico/BPM/v8.5/profiles/DmgrProfile/properties/soap.client.props
- /opt/ibm/ico/BPM/v8.5/profiles/Node1Profile/properties/soap.client.props
- Edit each of the soap.client.props files
that are listed in step 5.a to find
the com.ibm.SOAP.loginUserid=bpm_admin entry, and
update the associated com.ibm.SOAP.loginPassword entry
to specify the new password as plain text:
com.ibm.SOAP.loginUserid=bpm_admin com.ibm.SOAP.loginPassword=new_bpm_admin_password
- Encrypt the password, by running the following commands:
/opt/ibm/ico/BPM/v8.5/bin/PropFilePasswordEncoder.sh /opt/ibm/ico/BPM/v8.5/profiles/DmgrProfile/properties/soap.client.props com.ibm.SOAP.loginPassword
/opt/ibm/ico/BPM/v8.5/bin/PropFilePasswordEncoder.sh /opt/ibm/ico/BPM/v8.5/profiles/Node1Profile/properties/soap.client.props com.ibm.SOAP.loginPassword
- Back up the configuration files:
- Follow the additional configuration steps that are described in Changing IBM Business Process Manager passwords in the IBM Business Process Manager Knowledge Center.
To change the password of the tw_admin user, complete the same procedure as described for the bpm_admin user, but omit step 5 and step 6. Do not modify any soap.client.props files.
Changing the db2inst1 password
The db2inst1 password must be changed in the operating system where the IBM DB2 instance is installed, as follows:
- Log in to the IBM Cloud Orchestrator Server as the root user.
- Change the operating system password for the IBM DB2 database
user db2inst1 by running the following command. After
the command, you must enter the new password.
passwd db2inst1
Changing the bpmuser password
The bpmuser user is the IBM DB2 user for Business Process Manager.
The bpmuser password must be changed in the operating system where the IBM DB2 instance is installed, and in the WebSphere Application Server console that is used by Business Process Manager.
- Update the bpmuser password in the operating
system, as follows:
- Log in to the IBM Cloud Orchestrator Server as the root user.
- Change the operating-system password for the bpmuser database
user:
passwd bpmuser
- Update the password in WebSphere Application
Server, as follows:
- Log in to the Business Process Manager WebSphere Application
Server console
as the bpm_admin user:
https://$ico_server:9043/ibm/console/logon.jsp
- Select Resources.
- Select JDBC.
- Select Data sources and click BPM Business Space data source.
- Click the option JAAS - J2C authentication data.
- Click BPM_DB_ALIAS, and insert the new password. Click Apply to validate the change.
- Repeat step 2.f for the CMN_DB_ALIAS and PDW_DB_ALIAS values.
- When prompted to save your changes, click Save directly to the master configuration.
- Test the DB connection by clicking Test connection and selecting BPM Business Space data source.
- Restart Business Process Manager.
If you get errors while synchronizing the changes, log out and log in again, and try to modify the password again.
For more information about updating passwords in WebSphere Application Server, see Updating the data source authentication alias.
- Log in to the Business Process Manager WebSphere Application
Server console
as the bpm_admin user:
Changing the IBM HTTP Server keystore password
- Log in to the IBM Cloud Orchestrator Server as root.
- Change the keystore password:
cd /opt/ibm/ico/HTTPServer/bin ./gskcmd -keydb -changepw -db key.kdb -new_pw <new_password> -pw <old_password>