iPlanet Certificate Management System Command-Line Tools Guide
Chapter 2 Password Cache Utility
During the installation of iPlanet Certificate Management Server (CMS), the watchdog stores all the passwords required by the server for starting up (such as passwords for the internal or external tokens, the bind password used by Certificate Management System to access and update the internal database, and the bind password used by Certificate Management System to access and update the LDAP directory used for authentication or publishing) in a password cache. The cache is maintained in a file encrypted using the single sign-on password you specify during installation.
The command-line utility named PasswordCache enables you to manipulate the contents of the password cache. You will be required to manipulate the password cache for various reasons. For example, assume you've configured the Certificate Manager to publish certificates and CRLs to an LDAP directory and have configured it to bind to the directory with Directory Manager's DN and password. If the directory administrator changes the Directory Manager's password, the Certificate Manager will fail to bind to the directory during startup. You can resolve this problem by modifying the corresponding bind password in the cache using the PasswordCache utility.
This chapter has the following sections:
Location
The PasswordCache utility is located with the rest of the command-line tools in this directory: <server_root>/bin/cert/tools
Syntax
You can run the utility by executing the following command from the <server_root>/cert-<instance_id> directory:
PasswordCache <sso_password> <command>
where <sso_password> specifies the current single sign-on password and <command> can be any of the following:
changesso <new_sso_password>
list
add <password_name> <password>
change <password_name> <password>
delete <password_name>
create
<password_name> specifies the string (describing the password usage) that you want to add to, modify in, or delete from the cache; it is equivalent to the value assigned to the bindPWPrompt or tokenname parameter in the CMS configuration file.
<password> specifies the new password.
<new_sso_password> specifies the new single sign-on password.
Note: You must run the PasswordCache utility from the <server_root>/cert-<instance_id> directory.
Usage
You can use the PasswordCache utility for the following:
Changing the Single Sign-On Password
Listing the Contents of the Password Cache
Adding a New Entry to the Password Cache
Changing the Password of an Entry in the Password Cache
Deleting an Entry From the Password Cache
Creating a New Password Cache
Changing the Single Sign-On Password
To change the single sign-on password:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with the single sign-on password and <new_sso_password> with the new single sign-on password.
PasswordCache <sso_password> changesso <new_sso_password>
For example, if your old password is mySsoPwd and new password is myNewSsoPwd, the command would look like this:
PasswordCache mySsoPwd changesso myNewSsoPwd
Listing the Contents of the Password Cache
To list or view the contents of the password cache:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with the single sign-on password:
PasswordCache <sso_password> list
For example, if your single sign-on password is mySsoPwd, the command would look like this:
PasswordCache mySsoPwd list
In response, you should see something similar to this:
----- Password Cache -----
Internal LDAP Database : myIdbPwd
Internal Key Storage Token : myTokenPwd
LDAP Publishing: myLdapPubPwd
Adding a New Entry to the Password Cache
To add a new entry to the cache:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with the single sign-on password, <password_name> with a string describing the password usage, and <password> with the actual password:
PasswordCache <sso_password> add <password_name> <password>
For example, if your single sign-on password is mySsoPwd, the string describing the password usage is Bind Password for LDAP Publishing Directory, and password is myLdapPubPwd, the command would look like this:
PasswordCache mySsoPwd add "Bind Password for LDAP Publishing Directory" myLdapPubPwd
If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.
Changing the Password of an Entry in the Password Cache
To change the password associated with an entry in the password cache:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with the single sign-on password, <password_name> with the string that describes the password usage, and <password> with the new password:
PasswordCache <sso_password> change <password_name> <password>
For example, if your single sign-on password is mySsoPwd, the string describing the password usage is Bind Password for LDAP Publishing Directory, and the new password is myNewLdapPubPwd, the command would look like this:
PasswordCache mySsoPwd change "Bind Password for LDAP Publishing Directory" myNewLdapPubPwd
If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.
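The change procedure above, scripted for the case described at the start of this chapter (a bind password changed on the directory side). This is an added example, not part of the original guide: the `PASSWORDCACHE` variable and the function names are assumptions, and the parsing assumes the `list` output format shown earlier.

```sh
#!/bin/sh
# Added example (not from the iPlanet guide). PASSWORDCACHE is an assumed
# variable naming however the tool is invoked on your installation.
PASSWORDCACHE=${PASSWORDCACHE:-PasswordCache}

# Sample `list` output, copied from the example in this chapter.
SAMPLE_LIST='----- Password Cache -----
Internal LDAP Database : myIdbPwd
Internal Key Storage Token : myTokenPwd
LDAP Publishing: myLdapPubPwd'

# Read `list` output on stdin; print entry names only, never the passwords.
# Assumption: the name ends at the first colon (a password may contain one).
cache_entry_names() {
    awk 'index($0, ":") {
        name = substr($0, 1, index($0, ":") - 1)
        gsub(/^[ \t]+|[ \t]+$/, "", name)
        if (name != "") print name
    }'
}

# Succeed only if stdin (`list` output) has an entry named exactly "$1".
cache_has_entry() {
    cache_entry_names | grep -Fxq -- "$1"
}

# Usage: change_cache_entry <server_root>/cert-<instance_id> <password_name>
# Prompts without echo, so the passwords stay off the screen and out of shell
# history. They are still passed to PasswordCache as arguments, so they are
# visible in the process list while the tool runs.
change_cache_entry() (
    cd "$1" || exit 1            # the utility must be run from this directory
    trap 'stty echo; exit 130' INT TERM
    stty -echo
    printf 'Single sign-on password: ' >&2; IFS= read -r sso; echo >&2
    printf 'New password for "%s": ' "$2" >&2; IFS= read -r new; echo >&2
    stty echo
    if "$PASSWORDCACHE" "$sso" list | cache_has_entry "$2"; then
        "$PASSWORDCACHE" "$sso" change "$2" "$new"
    else
        echo "No cache entry named \"$2\"; nothing changed." >&2
        exit 2
    fi
)

# Demonstration on the sample: prints the three entry names, no passwords.
printf '%s\n' "$SAMPLE_LIST" | cache_entry_names
```

Checking the entry name against the `list` output first means a mistyped <password_name> is caught before the cache is touched.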
Deleting an Entry From the Password Cache
To delete an entry from the cache:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with the single sign-on password and <password_name> with the string that describes the password usage:
PasswordCache <sso_password> delete <password_name>
For example, if your single sign-on password is mySsoPwd and the string describing the password usage is Bind Password for LDAP Publishing Directory, the command would look like this:
PasswordCache mySsoPwd delete "Bind Password for LDAP Publishing Directory"
If the password name string includes spaces, be sure to enclose the string in double quotes as indicated in the above example.
Creating a New Password Cache
If you have changed CMS startup so that the server prompts for all the required passwords, instead of just the single sign-on password, and want to revert to starting the server with a single sign-on password, you must create a new password cache. Before creating a new password cache, decide on the single sign-on password to protect the cache.
To create a new, empty password cache:
Open a command window.
Go to this directory: <server_root>/cert-<instance_id>
At the prompt, enter the command below, substituting <sso_password> with a password to protect the cache:
PasswordCache <sso_password> create
For example, if the password you want to use to protect the single sign-on cache is mySsoPwd, the command would look like this:
PasswordCache mySsoPwd create
Copyright © 2002 Sun Microsystems, Inc. All rights reserved.
Last Updated October 07, 2002