Configuring security with scripting
The user Id and password needed for wsadmin to connect to a secured server can be supplied as command line options and in properties files. If used together, command line options take precedence over what is in the properties files. The properties files are located at Profile_root/properties .
Procedure
- The nature of the properties file updates required for
running in secure mode depend on whether you connect with a Remote
Method Invocation (RMI) connector, a JSR160RMI connector, an Inter-Process
Communications (IPC) or a SOAP connector:
- If you use a Remote Method Invocation (RMI) connector or a JSR160RMI connector, set the
following properties in the sas.client.props file with the appropriate
values:
Also, set the following property:com.ibm.CORBA.loginUserid= com.ibm.CORBA.loginPassword=
The default value for this property is prompt in the sas.client.props file. If you leave the default value, then a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops.com.ibm.CORBA.loginSource=properties
Deprecated feature: Convert your RMI connectors to JSR160RMI connectors because support for the RMI connector is deprecated. - If you use a SOAP connector, set the following properties in the soap.client.props file
with the appropriate values:
com.ibm.SOAP.securityEnabled=true com.ibm.SOAP.loginUserid= com.ibm.SOAP.loginPassword=
Optionally, set the following property:
The default value for this property is prompt in the soap.client.props file. If you leave the default value, a dialog box is displayed with a password prompt. If the script is running unattended, then the system stops.com.ibm.SOAP.loginSource=none
- If you use an IPC connector, set the following properties in the ipc.client.props file
with the appropriate
values:
com.ibm.IPC.loginUserid= com.ibm.IPC.loginPassword=
Optionally, removeprompt
from the following line:
The default value for this property is prompt in the ipc.client.props file. If you leave the default value, a dialog box appears with a password prompt. If the script is running unattended, it appears to hang.com.ibm.IPC.loginSource=prompt
- If you use a Remote Method Invocation (RMI) connector or a JSR160RMI connector, set the
following properties in the sas.client.props file with the appropriate
values:
- Specify user and password information. Choose one of the following methods:
- Specify user name and password on a command line, using the -user and -password commands,
as the following examples demonstrate:
wsadmin -conntype JSR160RMI -port 2809 -user u1 -password secret1
- Specify a user name and password in the properties file for the type of connector you are using.
If you specify user and password information on a command line and in the sas.client.props file or the soap.client.props file, the command line information overrides the information in the props file.
The use of -password option may result in security exposure as the password information becomes visible to the system status program such as ps command which can be invoked by other user to display all the running processes. Do not use this option if security exposure is a concern. Instead, specify user and password information in the soap.client.props file for the SOAP connector, the sas.client.props file for the JSR160RMI connector or the Remote Method Invocation (RMI) connector, or the ipc.client.props file for the IPC connector. The soap.client.props, sas.client.props, and ipc.client.props files are located in the properties directory of your profile.
- Specify user name and password on a command line, using the -user and -password commands,
as the following examples demonstrate: