Thursday, April 16, 2009

Changing OMNIBus password in TIP/ITNM

The Object Server password is stored in encrypted form in these three files on the TIP server:

/opt/IBM/tivoli/tip/properties/objectserver.properties
/opt/IBM/tivoli/tip/profiles/TIPProfile/config/cells/TIPCell/wim/config/wimconfig.xml
/opt/IBM/tivoli/tip/profiles/TIPProfile/etc/webtop/datasources/ncwDataSourceDefinitions.xml


The last file states the encryption used, which tells you which ncw_*_crypt command to run (this stanza is directly above the ObjectServer hostname):

< !-- ! Login information to access the datasource specified in ! .
! - encrypted : If true, the password is encrypted (using nco_g_crypt)
! - algorithm (optional) : [AES|FIPS]
! If set to AES and encrypted attribute is set to true,
! the password is encrypted (using ncw_aes_crypt).
! If set to FIPS and encrypted attribute is set to true,
! the password is encrypted (using ncw_fips_crypt).
!-->

<ncwdatasourcecredentials username="root" password="xxxxxxxxxxxxxxxxxxxxxxx==" encrypted="true" algorithm="FIPS">

</ncwdatasourcecredentials>


To change the password, in this case you would run ncw_fips_crypt and place the encrypted passwd in the three files listed above.