Wednesday, December 16, 2009

Changing the administrator password in WAS

The user ID and password that you enter during installation are considered the administrator ID and password for the site. You can change the password to better secure your environment.
Follow this procedure if you must change the password of the user account that IBM® Workplace™ Services Express uses to connect to your LDAP. Note that there are four distinct possible user passwords: WebSphere® admin, WebSphere Portal admin, LDAP bind, and LDAP admin. These can all be the same user or different users.
Preparation:
Shut down the HTTP servers to help prevent unauthorized accesses and interference.
Back up the following files:
/was_home/config/cells/cellname/security.xml
/was_home/properties/soap.client.props
/wps_home/shared/app/wmm/wmm.xml
Remove user credential information from WAS_HOME/properties/soap.client.props. These values allow you to stop the WebSphere servers without a user name and password. Once you have cleared these, you will need to issue a stopServer command with '-username' and '-password' switches.
Start just enough to use the console: WebSphere_Portal and the NetworkServer (Cloudscape™ database) should be running. Shut down other WebSphere applications.
If you are using LDAP, continue to step 2. If you are not using LDAP, follow this procedure to change the password for the Portal administrator:
Log in to the site as the Portal administrator.
Click Edit my profile.
Change your password in the appropriate box.
Save, exit and log off.
At the WebSphere Application Server administrative console (http://yourServer:9091/admin), log in as the WebSphere Application Server administrator. Click Security > Global Security, and deselect Enabled. Change nothing else at this time. Click OK and Save.
Restart WebSphere_Portal:
/was_home/bin/stopServer.sh WebSphere_Portal -username wpsadmin -password wpsadmin
/was_home/bin/startServer.sh WebSphere_Portal
If you are not using LDAP, skip to step 4. Otherwise, change the passwords for WAS admin, WebSphere Portal admin, LDAP admin, and LDAP bind as necessary on the LDAP server using your LDAP vendor's instructions.
Update WebSphere Application Server security settings. At the WebSphere Application Server administrative console (http://yourServer:9091/admin), log in as the WebSphere Application Server administrator. There will be no password challenge.
Update the server user password. Click Security > User Registries > LDAP. In the Server User Password field, enter the new WebSphere Application Server admin password. Make sure 'Custom' directory type is selected (this will prevent the Advanced LDAP settings from being reset to defaults). Select Custom if necessary. Click OK and Save.
Update the LDAP Bind password. Click Security > User Registries > LDAP. In the Bind password field, enter the new LDAP bind password. Make sure 'Custom' directory type is selected (this will prevent the Advanced LDAP settings from being reset to defaults). Select Custom if necessary. Click OK and Save.
Update the custom user password. Click Security > User Registries > Custom. In the Bind password field, enter the new WSE/Portal admin user password. Click OK and Save.
Click Security > Global Security. Select Enabled and then deselect Enforce Java 2 Security. Change nothing else at this time. Click OK and Save.
Restart the WebSphere Portal server.
Restart WebSphere Portal using the following commands:
/was_home/bin/stopServer.sh WebSphere_Portal
/was_home/bin/startServer.sh WebSphere_Portal
Repopulate soap.client.props. (This step is optional, but if you skip it, you must enter the stopServer command with the -username and -password arguments.) Populating the user credentials in soap.client.props allows you to stop secured WebSphere applications without entering a password on the command line. WebSphere Application Server provides a property encoding script with which you can encode the passwords contained in /was_home/properties/soap.client.props.
Open /was_home/properties/soap.client.props.
Enter your WSE/Portal admin user for the com.ibm.SOAP.loginUserid property and the password for the com.ibm.SOAP.loginPassword property. For example:
apricot:/opt/IBM/Workplace Services Express/AppServer/properties # ../bin/PropFilePasswordEncoder.sh soap.client.props com.ibm.SOAP.loginPassword
where
/opt/IBM/WorkplaceServicesExpress/AppServer/properties is the directory from which this command is initiated
../bin/PropFilePasswordEncoder.sh is the script executed
soap.client.props is the file containing the strings to be encoded
com.ibm.SOAP.loginPassword is the property to encode
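The soap.client.props handling from the preparation step and from this step, as an added shell example that is not part of the original post or of IBM's scripts: it backs up the file, blanks the two credential properties, and reports whether the stored password is empty, encoded or still plaintext. The function names, the .orig suffix and the sample file are assumptions; the check relies on WebSphere-encoded values carrying an {xor} prefix, which is reversible encoding rather than encryption, so the file's permissions still matter.

```shell
#!/bin/sh
# Added example; function names, the .orig suffix and the sample data are
# constructed for illustration and are not part of WebSphere.

# Back up the properties file (owner-only copy) and blank the two SOAP
# credential properties, as the preparation step describes.
clear_soap_creds() {
    props=$1
    cp "$props" "$props.orig" && chmod 600 "$props.orig" || return 1
    sed -e 's/^\(com\.ibm\.SOAP\.loginUserid\)=.*/\1=/' \
        -e 's/^\(com\.ibm\.SOAP\.loginPassword\)=.*/\1=/' \
        "$props.orig" > "$props"
}

# Report how the password is stored: empty, encoded ({xor} prefix written
# by PropFilePasswordEncoder) or plaintext.
soap_password_state() {
    value=$(sed -n 's/^com\.ibm\.SOAP\.loginPassword=//p' "$1" | tail -n 1)
    case $value in
        '')       echo empty ;;
        '{xor}'*) echo encoded ;;
        *)        echo plaintext ;;
    esac
}

# True when the file's mode grants read access to "other".
is_world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Demo on a constructed sample file, not a real installation.
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'com.ibm.SOAP.securityEnabled=true' \
        'com.ibm.SOAP.loginUserid=wpsadmin' \
        'com.ibm.SOAP.loginPassword=wpsadmin' > "$f"
    before=$(soap_password_state "$f")
    clear_soap_creds "$f"
    after=$(soap_password_state "$f")
    rm -f "$f" "$f.orig"
    echo "$before -> $after"
}

demo   # prints: plaintext -> empty
```

After repopulating and encoding the file, soap_password_state should report "encoded" and is_world_readable should fail for both soap.client.props and any backup copy that still holds the old credentials.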
Set this password value for each of the specified Enterprise Applications listed below by using the specified sequence of steps.
For each of these applications:
LWP_CAI
LWP_Discussion_Service
LWP_Security
LWP_Team_Task_List
LWP_Template_Infrastructure
Repeat these steps:
In the WebSphere Application Server administrative console, select an Enterprise Application.
Click Additional Properties > Map security roles to users/groups > Select wpsRunAsAdmin role.
Click Lookup groups and in Search, type the name of the group in which the admin user is defined. Click Search. In the list labeled Available, select the WSE/Portal admin user and click >> to add to Selected. Click OK, and OK again.
Click Additional Properties > Map RunAs roles to users. Select the wpsRunAsAdmin role.
At the user prompt, type the short name of your WSE admin user. At the password prompt, type the new password.
Click Apply --> OK --> OK. It is essential that you use this exact progression. Otherwise the process may fail.
When you have finished, click Save - Save to the Master Configuration.
If you are not using LDAP, skip to step 10. Otherwise, configure WMM for a new LDAP admin password.
On the application server file system, open the directory /was_home/wmm/bin and run the wmm_encrypt.sh or wmm_encrypt.bat script, using the password of the LDAP admin user (for example: ./wmm_encrypt.sh newpassword). Copy the output value labeled 'ASCII encrypted string.'
Open wps_home/shared/app/wmm/wmm.xml with your favorite editor. Replace the value of adminPassword with the ASCII encrypted string. Save it.
Restart the servers.
Restart NetworkServer (Cloudscape database), using the following commands:
/install_root/PortalServer/rootscripts/subtasks/stopNetworkServer.sh
/install_root/PortalServer/rootscripts/subtasks/startNetworkServer.sh
Restart WebSphere_Portal, using the following commands:
/was_home/bin/stopServer.sh WebSphere_Portal (if soap.client.props has not been populated with the new info, -username and -password switches are necessary)
/was_home/bin/startServer.sh WebSphere_Portal
Within IBM Workplace Services Express, update your credential vault password: http://yourServer/lwp/workplace.
Log in as the Portal administrator.
Click Administration > Access > Credential Vault and select Manage System Vault Slots.
Click Modify for deployment.user.
Enter the password for that user and confirm. Click OK to accept. The credential vault change takes effect upon the next server restart.
