DB2 Password and TKLM Data Source Out of Sync
On systems such as Linux or AIX, you might need to change the password for the DB2® Administrator user ID. The login password for the DB2 Administrator user ID and the DB2 password for the user ID must be the same.
The Tivoli Key Lifecycle
Manager Installation program installs DB2 and prompts the
installing person for a password for the user named tklmdb2. Additionally,
the DB2 application creates an operating system user entry named
tklmdb2. For example, the password for this user might expire, requiring you to
resynchronize the password for both user IDs.
Typically you can identify if the DB2 ID password
is no longer in sync with the data source password when you see this error when
accessing TKLM through the GUI
Before you can change the password of
the DB2 Administrator user ID, you must change the password for the
system user entry. To resolve the password sync issue follow these steps:
1.
Log on to Tivoli Key Lifecycle Manager server
as root.
2.
Change user to the tklmdb2 system user entry.
Type:
su <gc>tklmdb
3.
Change the password. Type:
passwd
Specify
the new password.
4.
Exit back to root.
exit
5.
In the TIP_HOME/bin directory, use the
wsadmin interface that the WebSphere® Application Server provides to specify
the Jython syntax.
./wsadmin.sh -username
TIPAdmin -password mypwd -lang jython
6. Change
the password for the WebSphere Application Server data source:
a. The
following command lists the JAASAuthData entries:
wsadmin>print
AdminConfig.list('JAASAuthData')
The
result might like this example:
(cells/TIPCell|security.xml#JAASAuthData_1396539704930)
(cells/TIPCell|security.xml#JAASAuthData_1396539705604)
b.
Type the AdminConfig.showall command for each
entry, to locate the alias tklm_db. For example, type on one line:
print AdminConfig.showall
('(cells/TIPCell|security.xml#JAASAuthData_1396539704930)')
The
result is like this example:
[alias
tklmdb]
[description
"TKLM database user J2C authentication alias"]
[password
*****]
[userId
ustklmdb]
And also type on one line:
print
AdminConfig.showall ('(cells/TIPCell|security.xml#JAASAuthData_1396539705604)')
The result is like
this example:
[alias
tklm_db]
[description
"TKLM database user j2c authentication alias"]
[password
*****]
[userId
ustklmdb]
c.
Change the password for the tklm_db alias
that has the identifier JAASAuthData_1396539705604:
print
AdminConfig.modify('JAASAuthData_list_entry', '[[password passw0rdc]]'
For
example, type on one line:
print AdminConfig.modify
('(cells/TIPCell|security.xml#JAASAuthData_1396539705604)',
'[[password <password>]]')
d.
Change the password for the tklmdb alias that
has the identifier JAASAuthData_1396539704930:
print
AdminConfig.modify('JAASAuthData_list_entry', '[[password passw0rdc]]'
For
example, type on one line:
print AdminConfig.modify
('(cells/TIPCell|security.xml#JAASAuthData_1396539704930)',
'[[password <password>]]')
e.
Save the changes:
print AdminConfig.save()
f.
Exit back to root.
exit
g.
In the TIP_HOME/bin directory, stop the
Tivoli Integrated Portal application. For example, as TIPAdmin, type on one
line:
stopServer.sh server1
-username tipadmin -password passw0rd
The result is like this example:
ADMU0116I: Tool information is being logged
in file
//opt/IBM/tivoli/tiptklmV2/profiles/TIPProfile/logs/server1/stopServer.log
ADMU0128I: Starting tool with the TIPProfile
profile
ADMU3100I: Reading configuration for server:
server1
ADMU3201I: Server stop request issued.
Waiting for stop status.
ADMU4000I: Server server1 stop completed.
h.
Start the Tivoli Integrated Portal
application. As the Tivoli Integrated Portal administrator, type on one line:
startServer.sh
server1
i.
In the TIP_HOME/bin directory, use the
wsadmin interface that the WebSphere Application Server provides to specify the
Jython syntax.
./wsadmin.sh -username tipadmin -password
mypwd -lang jython
j.
Verify that you can connect to the database
using the WebSphere Application Server data source.
i.
First, query for a list of data sources.
Type:
print AdminConfig.list('DataSource')
The result might be like this example:
"TKLM
DataSource(cells/TIPCell/nodes/TIPNode/servers/server1|resources.xml#DataSource_1396539707355)"
"TKLM scheduler XA
Datasource(cells/TIPCell/nodes/TIPNode/servers/server1|resources.xml#DataSource_1396539709814)"
"Tivoli Common Reporting Data
Source(cells/TIPCell|resources.xml#DataSource_1396539473259)"
DefaultEJBTimerDataSource(cells/TIPCell/nodes/TIPNode/servers/server1|resources.xml#DataSource_1000001)
ttssdb(cells/TIPCell|resources.xml#DataSource_1396539429750)
ii.
Type:
print
AdminControl.testConnection('TKLM DataSource(cells....)')
For
example, type on one line:
print
AdminControl.testConnection (‘TKLM DataSource(cells/TIPCell/nodes/TIPNode/servers/server1|resources.xml#DataSource_1396539707355)')
iii.
Test the connection on the remaining data
source. For example, type:
print
AdminControl.testConnection (‘TKLM scheduler XA
Datasource(cells/TIPCell/nodes/TIPNode/servers/server1|resources.xml#DataSource_1396539709814)')
iv.
In both cases, you receive a message that the
connection to the data source was successful. For example:
WASX7217I: Connection to
provided data source was successful.
No comments:
Post a Comment