Generating secure keystore passwords for Remote Debug Service

To prevent storing plain text passwords, run z/OS® Debugger Password File Generator to generate a keystore password properties file with an encrypted password.

About this task

z/OS Debugger Password File Generator generates a keystore password properties file with an encrypted password. Run this tool from the command line before starting the Remote Debug Service. For more information, see Starting and stopping the headless code coverage collector.

Procedure

  1. Start the z/OS Debugger Password File Generator with the following command line options.

    > genpassword -tool=rds -filename=<path>

    Note:
    • z/OS Debugger Password File Generator cannot run in the Remote Shell. If you are running the tool on Windows or Linux, the executable files are in the headless-cc subdirectory where you installed the product.
    • If you are running the tool on z/OS®, execute the genpassword.sh script in

      /usr/lpp/IBM/debug/headless-code-coverage/bin/.

  2. If the provided path and file name is valid, it prompts the user to enter a password. Type your keystore password and press Enter. The password will not be displayed on the console.
  3. If genpassword runs successfully, it prints and you will see the messages CRRDG9412I and CRRDG9415W on the console.
  4. Secure your file with appropriate file system permissions.
Note: Different encryption and decryption methods are supported depending on the Java version. You must use the same version of Java that runs the genpassword when you run the headless code coverage.
The syntax diagram for the genpassword command is shown here. You can use either the single letter parameter or the complete one for each option. All parameters and values are case-sensitive.
Read syntax diagramSkip visual syntax diagramgenpassword-h,help-v,version-t,tool=<ccs|ccdaemon|rds>-f,filename=<path>
Options list
Format: genpassword [options]
-t,tool=<ccs|ccdaemon|rds>
Specify a tool where you use the keystore properties file.
Note: genpassword can also be used to generate encrypted passwords that can be used with headless code coverage. See Generating secure keystore passwords for code coverage.
-f,filename=<path>
Specify a path to a properties file that is generated with keystore password properties. If the file already exists, a new properties file with a timestamp appended to the file name is generated.
Note: The generated keystore properties file is stored in UTF-8 regardless of the provided file's encoding. The encoding must remain in UTF-8 when passed into the Remote Debug Service.
-v,version
Prints the product version.
-h,help
Prints the help screen.