Advanced Configuration to Manage Master Password
The configPassman.cnf file contains additional configuration settings for password encryption. The file consists of a number of properties, some of which are commented out in the default configuration.
As shipped, the configPassman.cnf file specifies that passwords are stored in the config/txnPassStore.dat file and encrypted using Password-Based Encryption (PBE). In addition, it specifies that the master password is stored in the config/empw.dat file. Properties that can be used to specify other settings are commented out.
If you want to change these optional settings, you must edit the configPassman.cnf file. The file must always specify the following:
- Encryption method for passwords.
- Location of the file that contains the passwords.
- Method webMethods API Gateway uses to obtain the master password.
The following sections describe the configPassman.cnf file in detail and how to change password and master password settings.
Working with Password Settings
This section describes how to use the configPassman.cnf file to change settings for passwords.
Controlling Name and Location of Password File
By default, the password file is config/txnPassStore.dat under the server instance’s home directory. To change the file name or location, locate and modify the following property:
outbound.password.field.fileName=config/txnPassStore.dat
This property must always be present and uncommented. If you want to change the file name or location, change the right-hand side only. You can specify an absolute or relative path. In the path name, use the forward slash (/) only; the backward slash (\) is not supported.
Controlling Encryption of Outbound Password File
The default encryption method for the password file is Password-Based Encryption (PBE). To change it, locate the following properties and uncomment a different method. One and only one of these properties must always be uncommented.
Property | Description | Security |
---|---|---|
default.encryptor=EntrustPbePlus | This denotes PBE encryption. | Most secure |
#default.encryptor=Base64 | This denotes Base64 encoding. | Not secure |
#default.encryptor=None | This denotes clear text. | Not secure |
Working with Master Password Settings
By default, the master password is stored in the file config/empw.dat under the server instance’s home directory, but if you prefer, you can configure webMethods API Gateway to prompt for the master password at server initialization. The following sections describe how to tell webMethods API Gateway which method to use.
Storing the Master Password in a File
To store the master password in a file, use the following properties:
Property | Description |
---|---|
master.password.storeInFile=true | This controls whether webMethods API Gateway stores the master password in a file (true) or prompts for it at server initialization (false). If this value is set to true, make sure the master.password.field.attemptsLimit properties are commented out. |
master.password.field.fileName=config/empw.dat | This indicates the location of the master password store. Use the forward slash (/) only; the backward slash (\) is not supported. |
master.password.field.repeatLimit=3 | This indicates the number of password changes required before you can reuse a password. |
Prompting for the Master Password at Server Initialization
To prompt for the master password at server initialization, use the following properties.
Use these properties only if you want webMethods API Gateway to prompt for the password at server initialization (that is, you specify false for master.password.storeInFile). If you do not want webMethods API Gateway to prompt for the password at server initialization, make sure these two properties are commented out.
Property | Description |
---|---|
#master.password.field.useGUI=true | Specify true to prompt for the password in a pop-up window. If you select this method, you can start the server from the Windows start menu. This is default if |
#master.password.field.attemptsLimit=3 | This indicates the number of unsuccessful login attempts permitted before webMethods API Gateway rejects the request. |
You cannot configure webMethods API Gateway to prompt for the master password at server initialization if:
- webMethods API Gateway runs as a Windows service.
- webMethods API Gateway runs as a background application on UNIX.
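The rules above can be checked mechanically before a server restart. The following Python sketch is an added example, not part of the product or its documentation; the function names and both sample configurations are constructed, and it assumes the file uses plain key=value lines with # comments as shown on this page.

```python
# Added example (hypothetical helper names): lint configPassman.cnf text against this page's rules.
WEAK_ENCRYPTORS = {"Base64", "None"}  # rated "Not secure" in the table
PATH_KEYS = ("outbound.password.field.fileName", "master.password.field.fileName")
PROMPT_KEYS = ("master.password.field.useGUI", "master.password.field.attemptsLimit")

def parse_active(text):
    """Return (key, value) pairs from uncommented key=value lines, in file order."""
    pairs = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            pairs.append((key.strip(), value.strip()))
    return pairs

def audit_passman(text):
    """Return a list of findings; an empty list means every rule is met."""
    pairs = parse_active(text)
    props = dict(pairs)
    findings = []
    encryptors = [v for k, v in pairs if k == "default.encryptor"]
    if len(encryptors) != 1:
        findings.append(f"expected exactly one default.encryptor, found {len(encryptors)}")
    findings += [f"default.encryptor={e} is not secure" for e in encryptors if e in WEAK_ENCRYPTORS]
    if "outbound.password.field.fileName" not in props:
        findings.append("outbound.password.field.fileName is missing or commented out")
    for key in PATH_KEYS:
        if "\\" in props.get(key, ""):
            findings.append(f"{key} contains a backslash; only / is supported")
    if props.get("master.password.storeInFile", "").lower() == "true":
        # File-based master password: the prompt properties must stay commented out.
        findings += [f"{k} must be commented out when storeInFile=true" for k in PROMPT_KEYS if k in props]
    return findings

# Constructed samples: shipped-style defaults, then a variant with three rule violations.
DEFAULT_CNF = """\
outbound.password.field.fileName=config/txnPassStore.dat
default.encryptor=EntrustPbePlus
#default.encryptor=Base64
#default.encryptor=None
master.password.storeInFile=true
master.password.field.fileName=config/empw.dat
#master.password.field.useGUI=true
#master.password.field.attemptsLimit=3
"""
BAD_CNF = (DEFAULT_CNF.replace("#default.encryptor=Base64", "default.encryptor=Base64")
           .replace("config/empw.dat", "config\\empw.dat").replace("#master.password.field.useGUI", "master.password.field.useGUI"))

if __name__ == "__main__":
    print(audit_passman(DEFAULT_CNF), audit_passman(BAD_CNF), sep="\n")
```

An empty list for the default text and four findings for the variant show that enabling a second encryptor line trips both the "one and only one" rule and the weak-encoding check.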