PropFilePasswordEncoder command reference

The PropFilePasswordEncoder command encodes passwords that are located in plain text property files. This command encodes both Secure Authentication Server (SAS) property files and non-SAS property files. After you encode the passwords, a decoding command does not exist.

To encode passwords, you must run this command from the directory:

To run this script, your user profile must have *ALLOBJ authority.

Important: SAS is supported only between Version 6.0.x and previous version servers that have been federated in a Version 6.1 cell.

Syntax

[This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] The command syntax is as follows:
PropFilePasswordEncoder "fileName" { passwordPropertiesList
  | -SAS } [ -profileName profile ] [ -help | -? ]
Important: You must specify either the passwordPropertiesList parameter or the -SAS parameter.

Parameters

The following option is available for the PropFilePasswordEncoder command:

fileName
This required parameter specifies the name of the file in which passwords are encoded.
passwordPropertiesList
This parameter is required if you are encoding passwords in property files other than the sas.client.props file. Specify one or more password properties that you want to encode. The password properties list should be delimited by commas.
-SAS [This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.]
This parameter is required if you are encoding passwords in the sas.client.props file.
-profileName
This parameter is optional. The profile value specifies an application server profile name. The script uses the password encoding algorithm that it retrieves from the specified profile. If you do not specify this parameter, the script uses the default profile.
-help or -?
If you specify this parameter, the script ignores all other parameters and displays usage text.

Example

[This information applies to Version 6.0.x and previous servers only that are federated in a Version 6.1 cell.] The following command encodes the passwords in the sas.client.props file for the default stand-alone application server profile:
app_server_root/bin/PropFilePasswordEncoder
 profile_root/default/properties/sas.client.props -SAS password_properties_list
The following command encodes the passwords in the soap.client.props file for the default stand-alone application server profile:
app_server_root/bin/PropFilePasswordEncoder
 profile_root/default/properties/soap.client.props
com.ibm.SOAP.loginPassword,com.ibm.ssl.keyStorePassword,com.ibm.ssl.trustStorePassword
Attention: These commands are displayed on multiple lines for illustrative purposes only.

PropFilePasswordEncoder utility creates a .bak file with the password in clear text. The com.ibm.websphere.security.util.createBackup option is needed to prevent this from occurring.

Note: Once this option has been used the tool prompts whether a backup file must be created as follows: "Create a backup file of the original properties file which contains unencoded passwords? (y/n)". If you choose 'y', <specified filename>.bak which contains clear text passwords, is created. If you choose 'n', a backup file is not created. Examine the results and then delete this backup file. It contains the unencrypted password.

To disable the prompt for a backup file, please add the following Java System property in PropFilePasswordEncoder script (PropFilePasswordEncoder.sh or PropFilePasswordEncoder.bat in app_server_root/bin): "-Dcom.ibm.websphere.security.util.createBackup=false or true".




Related tasks
Manually encoding passwords in properties files
Implementing custom password encryption
Reference topic Reference topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 30, 2013 6:03:36 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-base-iseries&topic=rsec_propfilepwdencoder
File name: rsec_propfilepwdencoder.html