Friday, July 06, 2012

Encrypting the ID and Password for Websphere Application Server

By default, you need to supply the ID and password when starting up/shutting down the deployment manager, node or application server. Example of the command as below

Deployment Manager
//bin/startManager.sh -username XXX -password XXX

Node
//bin/startNode.sh -username XXX -password XXX

Application Server
//bin/startServer.sh -username XXX -password XXX

The steps to encrypt the password and ID is as follows.

Insert the ID and password in clear text into the SOAP properties file at //properties/soap.client.props.

# grep SOAP.login soap.client.props | grep -v "#"
com.ibm.SOAP.loginUserid=wasadm
com.ibm.SOAP.loginPassword=wasadm
com.ibm.SOAP.loginSource=prompt


We use the IBM provided script to encode the password.

//bin/PropFilePasswordEncoder.sh //profiles/default/properties/soap.client.props com.ibm.SOAP.loginPassword -Backup

Taking a look at the same property file again, the password is now encrypted.

# grep SOAP.login soap.client.props | grep -v "#"
com.ibm.SOAP.loginUserid=wasadm
com.ibm.SOAP.loginPassword={xor}Es4zPjwS
com.ibm.SOAP.loginSource=prompt


Now, we can start up websphere and shut down without using the password.

su wasadm -c "//bin/startManager.sh"
su wasadm -c "//bin/startNode.sh"
su wasadm -c "//bin/startServer.sh "



su wasadm -c "//bin/stopManager.sh"
su wasadm -c "//bin/stopNode.sh"
su wasadm -c "//bin/stopServer.sh "

end.

======================

Some trival.
How come IBM prefers to use XOR instead of some stronger algorithm like how weblogic uses 3DES? XOR is good enough only to prevent casual snooping. 


Someone demonstrated that with a online decoder

http://www.poweredbywebsphere.com/decoder.html

No comments: