Sun Java System Access Manager 7 2005Q4 Deployment Planning Guide

Changing the Key Value

To change the password encryption key value, follow these steps:

  1. Log in as or become superuser (root) on the host server where the first Access Manager instance is installed.

  2. In the AMConfig.properties file for the first Access Manager instance, get and save the values of the following attributes:

    • Password encryption key: am.encryption.pwd

    • Shared secret: com.iplanet.am.service.secret

    The AMConfig.properties file is installed in the following directories:

    • Solaris systems: /etc/opt/SUNWam/config

    • Linux systems: /etc/opt/sun/identity/config

  3. Log in as or become superuser (root) on the server where the second Access Manager instance is deployed.

  4. As a precaution, back up the AMConfig.properties and serverconfig.xml files, which are in the /config directory.

  5. Stop the web container of the second Access Manager instance. For example, on Solaris systems, with Web Server as the web container:

    # cd /opt/SUNWwbsvr/https-host2-name
    # ./stop

  6. Edit the AMConfig.properties file and replace the values for am.encryption.pwd and com.iplanet.am.service.secret with the values that you saved from the first Access Manager instance in Step 2.

  7. Because the encryption key defined in am.encryption.pwd is changed, you must run the ampassword utility to re-encrypt and replace the passwords in the serverconfig.xml file. The passwords in serverconfig.xml are identified by the <DirPassword> element. Consider the following cases:

    Passwords are the same. If the password for puser and dsameuser is the same as the amadmin password in serverconfig.xml, run ampassword to re-encrypt the amadmin password. For example, on Solaris systems:

    # cd /opt/SUNWam/bin
    # ./ampassword --encrypt password

    where password is the password you used for amadmin when you installed the first instance. Use the ampassword output (new encrypted password) to replace the two passwords in the serverconfig.xml file for the second instance.

    Passwords are different. If the passwords for puser and dsameuser are different from the amadmin password in serverconfig.xml, run ampassword to re-encrypt each password (type="proxy" and type="admin").

    Use the ampassword output (new encrypted passwords) to replace the puser and dsameuser passwords in serverconfig.xml for the second instance.

  8. Restart the web container for Access Manager for the second instance. For example, on Solaris systems, with Web Server as the web container:

    # cd /opt/SUNWwbsvr/https-host2-name
    # ./start

  9. Repeat Step 3 through Step 8 for additional instances of Access Manager in the deployment.
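The following shell script is an added example and is not part of the Access Manager guide. It carries out the file-editing part of the procedure above (reading the two attributes from the first instance's AMConfig.properties in Step 2, taking the backup in Step 4, and replacing the values in the second instance's file in Step 6), and verifies that both values read back correctly. It does not reproduce Step 7, which needs the real ampassword utility. The file names under a temporary directory and every key value in it are constructed for the example; on a real system the file is /etc/opt/SUNWam/config/AMConfig.properties (Solaris) or /etc/opt/sun/identity/config/AMConfig.properties (Linux).

```sh
#!/bin/sh
# Added example, not from the Access Manager guide: copies am.encryption.pwd and
# com.iplanet.am.service.secret from the first instance's AMConfig.properties
# into the second instance's copy, backing the target up first and verifying
# the result. Re-encrypting serverconfig.xml (Step 7) still needs ampassword.
# All file names and values below are constructed for the example.

# get_prop FILE KEY: print the value of KEY from a Java properties file
# (first "KEY=value" line; everything after the first '=' is the value)
get_prop() {
    grep "^$2=" "$1" | head -n 1 | sed 's/^[^=]*=//'
}

# set_prop FILE KEY VALUE: rewrite KEY's line in FILE in place
set_prop() {
    file=$1; key=$2; value=$3
    # escape the characters that are special in a sed replacement: / & \
    esc=$(printf '%s' "$value" | sed 's/[\/&\\]/\\&/g')
    sed "s/^$key=.*/$key=$esc/" "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# sync_keys SRC DST: back DST up to DST.bak (the Step 4 precaution), then copy
# both attributes from SRC; fail if either is missing in SRC or does not read
# back identically from DST afterwards (e.g. the line is absent in DST)
sync_keys() {
    src=$1; dst=$2
    cp "$dst" "$dst.bak" || return 1
    for key in am.encryption.pwd com.iplanet.am.service.secret; do
        v=$(get_prop "$src" "$key")
        if [ -z "$v" ]; then
            echo "sync_keys: $key not found in $src" >&2
            return 1
        fi
        set_prop "$dst" "$key" "$v" || return 1
        if [ "$(get_prop "$dst" "$key")" != "$v" ]; then
            echo "sync_keys: $key did not update in $dst" >&2
            return 1
        fi
    done
}

# make_sample_files DIR: write two constructed AMConfig.properties fragments
# standing in for the first and second instance (all values are made up)
make_sample_files() {
    cat > "$1/host1.properties" <<'EOF'
com.iplanet.am.server.host=host1.example.com
am.encryption.pwd=KmhUnWR1MYWDYW4xuqdF5nbm+CXl9Uzr
com.iplanet.am.service.secret=AQICEXAMPLE+shared/secret&value=
EOF
    cat > "$1/host2.properties" <<'EOF'
com.iplanet.am.server.host=host2.example.com
am.encryption.pwd=0jSEzjqiQFbJJ1S0pMllzzlHc1OX0YCG
com.iplanet.am.service.secret=AQICDIFFERENTVALUEonHost2=
EOF
}

main() {
    tmp=$(mktemp -d)
    make_sample_files "$tmp"
    sync_keys "$tmp/host1.properties" "$tmp/host2.properties" || exit 1
    echo "keys copied to $tmp/host2.properties (backup: host2.properties.bak)"
}

main
```

The value of am.encryption.pwd protects every password stored in the instance's configuration, so the script verifies each key after writing it and refuses to continue if the source file lacks a key or the target did not change; a silent mismatch between instances is exactly what leaves the second instance unable to decrypt the passwords re-encrypted in Step 7.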