/opt/IBM/tivoli/tip/properties/objectserver.properties
/opt/IBM/tivoli/tip/profiles/TIPProfile/config/cells/TIPCell/wim/config/wimconfig.xml
/opt/IBM/tivoli/tip/profiles/TIPProfile/etc/webtop/datasources/ncwDataSourceDefinitions.xml
The last file states the encryption used, which tells you which ncw_*_crypt command to run (this stanza is directly above the ObjectServer hostname):
< !-- ! Login information to access the datasource specified in !
! - encrypted : If true, the password is encrypted (using nco_g_crypt)
! - algorithm (optional) : [AES|FIPS]
! If set to AES and encrypted attribute is set to true,
! the password is encrypted (using ncw_aes_crypt).
! If set to FIPS and encrypted attribute is set to true,
! the password is encrypted (using ncw_fips_crypt).
!-->
<ncwdatasourcecredentials username="root" password="xxxxxxxxxxxxxxxxxxxxxxx==" encrypted="true" algorithm="FIPS">
</ncwdatasourcecredentials>
To change the password, in this case you would run ncw_fips_crypt and place the encrypted passwd in the three files listed above.