The master password (MP) is an overall shared password. It is never used for authentication and is never transmitted over the network. This password is the choke point for overall security; the user can choose to enter it manually when required, or obscure it in a file. It is the most sensitive piece of data in the system. The user can force prompting for the MP by removing this file. When the master password is changed, it is re-saved in the master-password keystore, which is a Java JCEKS type keystore.
To change the master password, follow these steps:
Stop the Application Server for the domain. Use the asadmin change-master-password command, which prompts for the old and new passwords, then re-encrypts all dependent items. For example:
asadmin change-master-password> Please enter the master password> Please enter the new master password> Please enter the the new master password again>
Restart the Application Server.
At this point in time, server instances that are running must not be started and running server instances must not be restarted until the SMP on their corresponding node agent has been changed. If a server instance is restarted before changing its SMP, it will fail to come up.
Stop each node agent and its related servers one at a time. Run the asadmin change-master-password command again, and then restart the node agent and its related servers.
Continue with the next node agent until all node agents have been addressed. In this way, a rolling change is accomplished.