Refreshing credentials for a specified user
You can send a command to the WebSEAL server, instructing it to perform a credential refresh operation for all of the sessions of the specified user on the WebSEAL server.
The syntax is (entered as one line):
pdadmin> server task instance_name-webseald-host_name
refresh all_sessions user_name
Enter the above command as one continuous command line.
To obtain the server name in the correct format, use the pdadmin server list command. Then enter the pdadmin command to refresh all sessions. For example, when logged in to pdadmin as the administrative user sec_master:
pdadmin sec_master> server list
default-webseald-diamond.subnet1.ibm.com
default-webseald-cmd
pdadmin sec_master> server task default-webseald-diamond.subnet1.ibm.com
refresh all_sessions brian
DPWWA2043I The user's credential was updated.
Note that the pdadmin server task command must be entered as one continuous command line.
A warning message is returned if the user is not logged in to the WebSEAL server.
Usage notes:
- Configure credential refresh for WebSEAL before using this pdadmin command. See Configure credential refresh.
- You must issue a separate pdadmin command for each user whose credentials are to be refreshed. You cannot refresh credentials for more than one user at a time.
- The user invoking this command must have server admin (the s ACL bit) permission on the /WebSEAL/hostname_instance_name server object. This permission prevents unauthorized users from performing credential refresh operations.
Note that the name of the hostname_instance_name server object is different from the server name. To determine the exact name of the server object, use pdadmin object list. For example, when logged in to pdadmin as the administrative user sec_master:
pdadmin sec_master> object list /WebSEAL
/WebSEAL/cmd-default
/WebSEAL/diamond.subnet1.ibm.com-default
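The shell helper below is an added example, not IBM code or part of the original page. It builds one single-line refresh command per user and derives the server object whose ACL needs the s bit. The function names are hypothetical, the object-name mapping is an assumption inferred from the two examples above (confirm it with object list), and user names containing whitespace are refused rather than quoted.

```shell
#!/bin/sh
# Added example: builds pdadmin command lines only; it never runs pdadmin.

# Succeeds only for a non-empty token without whitespace or control characters.
is_single_token() {
    case "$1" in
        ''|*[[:space:]]*|*[[:cntrl:]]*) return 1 ;;
    esac
    return 0
}

# Map a server name (instance_name-webseald-host_name) to the protected object
# /WebSEAL/host_name-instance_name. Assumption: pattern inferred from the
# page's examples; verify against "object list /WebSEAL".
webseal_object_for_server() {
    is_single_token "$1" || { echo "invalid server name" >&2; return 1; }
    case "$1" in
        ?*-webseald-?*) ;;
        *) echo "not a WebSEAL server name: $1" >&2; return 1 ;;
    esac
    instance=${1%%-webseald-*}   # text before the first "-webseald-"
    host=${1#*-webseald-}        # text after the first "-webseald-"
    printf '/WebSEAL/%s-%s\n' "$host" "$instance"
}

# Print one continuous "server task ... refresh all_sessions" line per user,
# because the command accepts a single user at a time. Unsafe names are
# skipped so a crafted name cannot split the line or add a second command.
# Returns 0 if every name was accepted, 2 if any was skipped, 1 on a bad server.
refresh_commands() {
    server=$1; shift
    webseal_object_for_server "$server" >/dev/null || return 1
    rc=0
    for user in "$@"; do
        if is_single_token "$user"; then
            printf 'server task %s refresh all_sessions %s\n' "$server" "$user"
        else
            echo "skipping unsafe user name" >&2
            rc=2
        fi
    done
    return "$rc"
}

# Demo: server and user from the page, plus one constructed unsafe name.
webseal_object_for_server default-webseald-diamond.subnet1.ibm.com
refresh_commands default-webseald-diamond.subnet1.ibm.com brian 'bad name' || true
```

Review the generated lines before entering them at the pdadmin prompt as an administrator who holds the s permission on the printed object.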