The Db2 password on the computers
that host the master servers in a Multi-Master cluster must be the same. After you change or reset
this password at the operating system level, you must update it in IBM Security Guardium Key Lifecycle Manager as well so that IBM Security Guardium Key Lifecycle Manager can continue to connect to the Db2 database.
About this task
The password of the Db2
Administrator user must be the same as that of the Db2 data source password in WebSphere Application Server Liberty.
You need to change the Db2 password at the operating system level in accordance
with the password expiration policy as defined by your organization. If the password expires, the
IBM Security Guardium Key Lifecycle Manager graphical user interface displays a
data-loading error. You must then reset the Db2
password and update it in IBM Security Guardium Key Lifecycle Manager. To update
the password on the operating system, you must be the database instance owner on an AIX® or Linux® system, or
the Local Administrator on a Windows system.
Note: The
password of the Db2 Administrator user must be
the same on all the master servers of the IBM Security Guardium Key Lifecycle Manager Multi-Master cluster.
During the password
change process, the Multi-Master cluster operates in maintenance mode. For more information, see Maintenance mode of a Multi-Master cluster.
Procedure
On every master server (HADR and non-HADR)
- Set the Db2PasswordChangeActivity property in the
MMConfig.properties file to true.
- Update the Db2 password on
the operating system.
For more information, see:
On any master server
- Change the Db2 data source
password that is configured in WebSphere Application Server Liberty:
- Using graphical user interface
- Log in to the graphical user interface.
- On the header bar, click SKLM User and select
Change Database Password.
SKLM
User is the user with which you have logged into the graphical user
interface.
- In the Change Database Password window, type the new password.
- Click Submit.
- Using REST interface
- Open a REST client.
- Run Update Db2 Password in Multi-Master Cluster REST Service. Specify
the system token and the new password in the HTTP request when you run the REST service. For
example, you can send the following HTTP
request:
PUT https://localhost:port/SKLM/rest/v1/ckms/changePassword/db2/multimaster
-H 'accept: application/json' \
-H 'Accept-Language: en' \
-H 'System-Token: knp1LA4LFM/luCq2oKrVivU88m9sSWnvIrZFGSceBt8=' \
-H 'Authorization: SKLMAuth userAuthId=237acb15-3a98-4c8e-8b0a-2cd7e09768bc' \
-H 'Content-Type: application/json' \
-d '{
"newDb2Password": "SKLM@db2"
}'
On every master server (HADR and non-HADR)
- Set the Db2PasswordChangeActivity property in the
MMConfig.properties file to false.
Results
The Db2 password is updated
and Guardium Key Lifecycle Manager server agent can connect to the Db2 database.