It's all about the answers!

Ask a question

Any easier way to inform the temporary password when upgrading from Tomcat to WAS Liberty


Taki Nakajo (1.1k1945) | asked Mar 29 '16, 4:30 a.m.
When upgrading from CLM tomcat to CLM 6.0.1 WAS Liberty, the passwords.txt file which contains temporary passwords for each user is created, the server administrator must communicate to each user to inform the temporary password. However, there are 500 users in the system, it is very time consuming to do so. Is there any easy way to inform users such as sending email? Otherwise, will upgrade to CLM 6.0.1 tomcat instead as WAS Liberty is expected more stable.

* Upgrade Guide
Communicate Tomcat users temporary passwords
Tomcat user registry only: If you used a Tomcat user registry in your previous installation, the migration command creates a file named passwords.txt in the C:\IBM\JazzTeamServer601\server directory that contains all repository users from the tomcat-users.xml file. Because the tomcat-users.xml file stores one-way-encrypted passwords, it is not possible to migrate these user passwords. Instead, the passwords.txt file contains temporary passwords for each user, which the server administrator must communicate to the users. After the server is started, users can change their temporary passwords.

Accepted answer


permanent link
Ralph Schoon (55.8k23642) | answered Mar 29 '16, 4:51 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
I am not aware that there is more automation available with respect to the passwords. My expectation would be, if you run a deployment with 500 users,  you would most likely use LDAP and not a local application server specific solution. If you would use LDAP, all the problems would go away, as a user could use the tools provide with the LDAP tool to set their passwords.

With respect to Tomcat/WAS Liberty. For all I know Tomcat is still supported. It is just not shipped any more with the install files and WAS Liberty is used instead. Reasons might be security concerns. I am not sure. But you can still use Tomcat if you want to and avoid the password migration.

If you want to use WAS Liberty, I would really consider using LDAP and not the local file for your user base. Especially as your amount of users asks for a distributed topology with multiple WAS Liberty Servers. And you really, really don't want to manage this with local files with user ID's and passwords. You definitely want to use LDAP/Active directory to manage this.
Taki Nakajo selected this answer as the correct answer

Comments
Ralph Schoon commented Mar 29 '16, 4:52 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Changing to LDAP and the user/password file is a one-time-effort.


Taki Nakajo commented Mar 30 '16, 3:22 a.m.

I agree totally with you that changing to LDAP will resolve the concern. Thank you for your answer.


Taki Nakajo commented Mar 30 '16, 3:25 a.m.

I tested manually editing the

\JazzTeamServer\server\liberty\servers\clm\conf\basicUserRegistry.
xml file. It works as the follows. I may also use this method to reset to the temporary password for all users then inform users to change to own password.


Taki Nakajo commented Mar 30 '16, 3:25 a.m.

User passwords can be changed via the basicUserRegistry.xml file. 

On Rational Team Concert 6.0.1 on WAS Liberty application server, the
user information is stored in the basicUserRegistry.xml file (located
in <install
directory>\JazzTeamServer\server\liberty\servers\clm\conf). 

For example, a user named 'tammy' has the following information:
<user name="tammy"
password="{aes}ACjH9S9cqYkYZgV/3oewgT24mVOShEDu6sAFmd5OjUIo"/>
Here, you can change the password hash to represent a new password. 
To change the password to ADMIN, the hash would be 
<user name="tammy"
password="{aes}AOxsQMoce829JJacYG4x3ga87N+UljtW8wNM2oc+QioN"/>


Taki Nakajo commented Apr 07 '16, 3:06 a.m.
The following technote has been published.

How to reset a user password in Jazz Team Server with WebSphere Liberty 
http://www-01.ibm.com/support/docview.wss?uid=swg21980397


Your answer


Register or to post your answer.