Compromised Security Around the Root Password
It might be necessary to regenerate security keys on a host running Java ES. For example, if there is a risk that a root password has been exposed or compromised, you should regenerate security keys. The keys used by the common agent container services are stored in the following locations:
Solaris OS: /etc/opt/SUNWcacao/securityLinux and HP-UX: /etc/opt/sun/cacao/security
Under normal operation, these keys can be left in their default configuration. If you need to regenerate the keys due to a possible key compromise, you can regenerate the security keys using the following procedure.
To Generate Keys for Solaris OS
-
As root, stop the common agent container management daemon.
/usr/sbin/cacaoadm stop
-
Regenerate the security keys.
/usr/sbin/cacaoadm create-keys --force
-
Restart the common agent container management daemon.
/usr/sbin/cacaoadm start
Note –In the case of Sun Cluster software, you must propagate this change across all nodes in the cluster. For more information, see How to Finish a Rolling Upgrade to Sun Cluster 3.1 8/05 Software in Sun Cluster Software Installation Guide for Solaris OS.
To Generate Keys for Linux and HP-UX
-
As root, stop the common agent container management daemon.
/opt/sun/cacao/bin/cacaoadm stop
-
Regenerate the security keys.
/opt/sun/cacao/bin/cacaoadm create-keys --force
-
Restart the common agent container management daemon.
/opt/sun/cacao/bin/cacaoadm start
For more information on the cacaoadm(1M) command, see the cacaoadm man page.
- © 2010, Oracle Corporation and/or its affiliates