Sun Java Enterprise System 2005Q4 Installation Guide for UNIX

Compromised Security Around the Root Password

It might be necessary to regenerate security keys on a host running Java ES. For example, if there is a risk that a root password has been exposed or compromised, you should regenerate security keys. The keys used by the common agent container services are stored in the following locations:

Solaris OS: /etc/opt/SUNWcacao/security
Linux: /etc/opt/sun/cacao/security

Under normal operation, these keys can be left in their default configuration. If a key might have been compromised, regenerate the security keys using the procedure below for your operating system.

Security Key Problems

Procedure: To Generate Keys for Solaris OS

Steps
  1. As root, stop the common agent container management daemon.


    # /opt/SUNWcacao/bin/cacaoadm stop
  2. Regenerate the security keys.


    # /opt/SUNWcacao/bin/cacaoadm create-keys --force
  3. Restart the common agent container management daemon.


    # /opt/SUNWcacao/bin/cacaoadm start

    Note –

    In the case of Sun Cluster software, you must propagate this change across all nodes in the cluster. For more information, see How to Finish a Rolling Upgrade to Sun Cluster 3.1 8/05 Software in Sun Cluster Software Installation Guide for Solaris OS.


Procedure: To Generate Keys for Linux

Steps
  1. As root, stop the common agent container management daemon.


    # /opt/sun/cacao/bin/cacaoadm stop
  2. Regenerate the security keys.


    # /opt/sun/cacao/bin/cacaoadm create-keys --force
  3. Restart the common agent container management daemon.


    # /opt/sun/cacao/bin/cacaoadm start

    For more information on the cacaoadm(1M) command, see the cacaoadm man page.
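
The two procedures above as one script, with a check afterwards that the files in the key directory were actually rewritten. This is an added example, not part of the Sun guide; the function names, the `--run` argument and the assumption that `create-keys --force` rewrites every file under the key directory are this example's own.

```shell
#!/bin/sh
# Added example: runs the three documented cacaoadm steps and reports any
# file in the key directory that was not rewritten by the regeneration.

# Print "<cacaoadm path> <key directory>" for an OS name as given by uname -s.
# Both paths are the ones listed on this page.
cacao_paths() {
    case "$1" in
        SunOS) echo "/opt/SUNWcacao/bin/cacaoadm /etc/opt/SUNWcacao/security" ;;
        Linux) echo "/opt/sun/cacao/bin/cacaoadm /etc/opt/sun/cacao/security" ;;
        *)     echo "unsupported OS: $1" >&2; return 1 ;;
    esac
}

# List files under directory $1 that are NOT newer than marker file $2.
# Assumption: a successful create-keys --force rewrites the key files, so
# anything listed here predates the regeneration and needs review.
stale_key_files() {
    find "$1" -type f ! -newer "$2" -print
}

# Run stop, create-keys --force, start (the documented order), then check.
regenerate_keys() {
    paths=$(cacao_paths "$(uname -s)") || return 1
    set -- $paths
    cacaoadm=$1 keydir=$2
    marker=$(mktemp) || return 1
    sleep 1   # keep new key files strictly newer on 1-second timestamps
    "$cacaoadm" stop &&
    "$cacaoadm" create-keys --force &&
    "$cacaoadm" start || { rm -f "$marker"; return 1; }
    stale=$(stale_key_files "$keydir" "$marker")
    rm -f "$marker"
    if [ -n "$stale" ]; then
        echo "Files not rewritten since the regeneration started:" >&2
        echo "$stale" >&2
        return 2
    fi
    echo "All files under $keydir were rewritten."
}

# Nothing runs unless the script is invoked (as root) with --run.
if [ "${1:-}" = "--run" ]; then
    regenerate_keys
fi
```

A return status of 2 means the daemon was restarted but some file in the key directory still carries a timestamp from before the regeneration; inspect those files before treating the host as re-keyed.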