The master password master gives access to the crypto store used with the domain, be that an NSS cert8.db trust store or a Java JKS keystore. This password is not tied to a UNIX user. This overall shared password is the most sensitive piece of data in your system. The master password is never used for authentication and is never transmitted over the network.
You can choose to type the password manually when required, or to obscure the password in a password file. If there is no password file, you are prompted for the master password. If there is a password file, but you want to change access to require prompting, remove the file. The default master password is changeit.
Use the change-master-password subcommand in local mode to modify the master password.
This subcommand will not work unless the domain is stopped.
Stop the domain whose password you are changing.
See To Stop a Domain.
Change the master password for the domain by using the change-master-password(1) subcommand.
You are prompted for the old and new passwords. All dependent items are re-encrypted.
Start the domain.
See To Start a Domain.
The change-master-password subcommand is interactive in that you are prompted for the old master password as well as the new master password. This example changes the master password for domain44ps:
asadmin> change-master-password domain44ps
If you have already logged into the domain using the login login(1) subcommand, you are prompted for the new master password:
Please enter the new master password> Please enter the new master password again>
If you are not logged into the domain, you are prompted for both the old and the new master passwords:
Please enter the master password again> Please enter the new master password> Please enter the new master password again>
Information similar to the following is displayed:
Master password changed for domain44ps
You can also view the full syntax and options of the subcommand by typing asadmin help change-master-password at the command line.