Generating secure passwords for use with Data Collector

To prevent storing plain text passwords, run z/OS® Debugger Password File Generator to generate a keystore password properties file with an encrypted password.

About this task

z/OS Debugger Password File Generator generates a keystore password properties file with an encrypted password. Run this tool from the command line or as part of a script before you start the Data Collector. For more information, see Customizing with the sample job EQADCLSU.

Procedure

  1. Start the z/OS Debugger Password File Generator with the following command line options.

    > genpassword -tool=<recdps|recdpskeystore> -filename=<path>

    Note:
    • z/OS Debugger Password File Generator cannot run from an IDE, like the Remote Shell on IBM® Debugger for z/OS. If you are running the tool on Windows or Linux, the executable files are in the headless-cc subdirectory where you installed the product.
    • If you are running the tool on z/OS®, execute the genpassword.sh script in

      /usr/lpp/IBM/debug/headless-code-coverage/bin/.

  2. If you provide a valid path and file name, it prompts to enter a password. Type your keystore password and press Enter. The password will not be displayed on the console.
  3. If the application runs successfully, it prints the CRRDG9412I and CRRDG9415W messages on the console.
  4. Ensure that your file is both readable and writable by the user who runs the Data Collector to enable successful decryption of the password. The application does not modify the file. Run the following commands to set correct ownership and permissions:
    chown <user ID>:<user group> <path to the generated file>
chmod 600 <path to the generated file>
Note: Different encryption and decryption methods are supported depending on the Java version. You must use the same version of Java that runs the genpassword when you run the Data Collector.
The syntax diagram for the genpassword command is shown here. You can use either the single letter parameter or the complete one for each option. All parameters and values are case-sensitive.
Read syntax diagramSkip visual syntax diagramgenpassword-t,tool=<recdps|recdpskeystore>-f,filename=<path>-v,version-h,help
Options list
Format: genpassword [options]
-t,tool=recdps|recdpskeystore
Specify a tool based on which Data Collector configuration option requires the password properties file. For more information, see Customizing with the sample job EQADCLSU.
  • Use -t,tool=recdps to create a password properties file for dps_pwd_file option in the Data Collector configuration.
  • Use -t,tool=recdpskeystore to create a keystore password properties file for keystore_pwd_file option in the Data Collector configuration.
-f,filename=<path>
Specify a path to a properties file that is generated with keystore password properties. If the file already exists, a new properties file with a timestamp appended to the file name is generated.
Note: The generated keystore properties file is stored in UTF-8 regardless of the encoding of the provided file. The encoding must not be modified when passed into the Data Collector.
-v,version
Prints the product version.
-h,help
Prints the help screen.