This topic applies only on the i5/OS operating system.

Migrating Java thin clients that use the password encoding algorithm

To migrate Java thin clients that are enabled for OS400 password encoding, use the following information to modify the Java client invocation so that the os400.security.password properties are no longer set on the invocation.

About this task

The password encoding feature offers the following encoding algorithms:

In Version 5 and later, the value of the os400.security.password.validation.list.object property is dependant upon the property value passed to the thin client using the JAVA_FLAGS environment variable. The JAVA_FLAGS environment variable is set by the setupClient script. The setupClient script calls the setupCmdLine script, which is where the value for the os400.security.password.validation.list.object property is set. For example, if a Version 6.x Base Edition Java client is passed -profileName default, then the setupClient script calls the profile_root/default/bin/setupCmdLine file.

To migrate Java thin clients that are enabled for OS400 password encoding, modify the Java client invocation so that the os400.security.password properties are no longer set on the invocation. The following code sample does not contain the os400.security.password properties:
java -classpath $MY_CLIENT_CLASSES:app_server_root/classes/wsa400.jar:$WAS_CLASSPATH \
  $CLIENTSAS $JAVA_FLAGS \
  -Djava.naming.factory.initial=com.ibm.websphere.naming.WsnInitialContextFactory \
  -Djava.naming.provider.url=iiop://server1:10151 \
  MyClientClass $*
Perform the following steps if the following condition is true:
  • If the passwords in the sas.client.props file for that profile are encoded with the OS400 password encoding algorithm

Procedure

  1. Replace all of the OS400 encoded passwords, which have {OS400}) prefixes in the sas.client.props file for the Application Server profile, with the clear text values of the passwords.
  2. Encode the passwords using the PropFilePasswordEncoder Qshell command.

    For more information, see PropFilePasswordEncoder command reference.

Results

Attention: You can configure a WebSphere Application Server profile to encode passwords with the XOR algorithm even though the profile is enabled to decode passwords that were encoded with either the OS400 algorithm or the XOR algorithm. If you encode these passwords with the XOR algorithm, then the passwords in the sas.client.props file are encoded with the XOR algorithm.



In this information ...


IBM Redbooks, demos, education, and more

(Index)

Use IBM Suggests to retrieve related content from ibm.com and beyond, identified for your convenience.

This feature requires Internet access.

Task topic Task topic    

Terms and conditions for information centers | Feedback

Last updatedLast updated: Aug 31, 2013 1:23:07 AM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=pix&product=was-nd-dist&topic=tsec_secmigpw
File name: tsec_secmigpw.html