IBM Support

PM75115: RE-ENABLING SECURITY WITH WSADMIN DOES NOT UPDATE PASSWORD IF THE USER ALREADY EXISTS

Fixes are available

7.0.0.29: WebSphere Application Server V7.0 Fix Pack 29
8.0.0.7: WebSphere Application Server V8.0 Fix Pack 7
8.0.0.8: WebSphere Application Server V8.0 Fix Pack 8
7.0.0.31: WebSphere Application Server V7.0 Fix Pack 31
7.0.0.33: WebSphere Application Server V7.0 Fix Pack 33
8.0.0.9: WebSphere Application Server V8.0 Fix Pack 9
7.0.0.35: WebSphere Application Server V7.0 Fix Pack 35
8.0.0.10: WebSphere Application Server V8.0 Fix Pack 10
7.0.0.37: WebSphere Application Server V7.0 Fix Pack 37
8.0.0.11: WebSphere Application Server V8.0 Fix Pack 11
7.0.0.39: WebSphere Application Server V7.0 Fix Pack 39
8.0.0.12: WebSphere Application Server V8.0 Fix Pack 12
7.0.0.41: WebSphere Application Server V7.0 Fix Pack 41
8.0.0.13: WebSphere Application Server V8.0 Fix Pack 13
7.0.0.43: WebSphere Application Server V7.0 Fix Pack 43
8.0.0.14: WebSphere Application Server V8.0 Fix Pack 14
7.0.0.45: WebSphere Application Server V7.0 Fix Pack 45
8.0.0.15: WebSphere Application Server V8.0 Fix Pack 15
7.0.0.29: Java SDK 1.6 SR13 FP2 Cumulative Fix for WebSphere Application Server
7.0.0.45: Java SDK 1.6 SR16 FP60 Cumulative Fix for WebSphere Application Server
7.0.0.31: Java SDK 1.6 SR15 Cumulative Fix for WebSphere Application Server
7.0.0.35: Java SDK 1.6 SR16 FP1 Cumulative Fix for WebSphere Application Server
7.0.0.37: Java SDK 1.6 SR16 FP3 Cumulative Fix for WebSphere Application Server
7.0.0.39: Java SDK 1.6 SR16 FP7 Cumulative Fix for WebSphere Application Server
7.0.0.41: Java SDK 1.6 SR16 FP20 Cumulative Fix for WebSphere Application Server
7.0.0.43: Java SDK 1.6 SR16 FP41 Cumulative Fix for WebSphere Application Server

Subscribe

You can track all active APARs for this component.

APAR status

  • Closed as program error.

Error description

  • While using wsadmin to activate administrative security it was
    found that if security was re-enabled that the password of the
    administrator is not properly set if the user already exists.
    
    Example reproduction
    1) WebSphere security is off in a new cell.
    
    2) WebSphere security is enabled with
    $AdminTask applyWizardSettings [list -secureApps false -
    secureLocalResources false -ignoreCase false -userRegistryType
    WIMUserRegistry -adminName user -adminPassword password]
    
    3) WebSphere security is disabled with
    $AdminTask setGlobalSecurity [list -enabled false]
    
    4) Now security is enabled again with the same user name but
    different a password:
    $AdminTask applyWizardSettings [list -secureApps false -
    secureLocalResources false -ignoreCase false -userRegistryType
    WIMUserRegistry -adminName user -adminPassword PASS]
    
    The problem is that the admin user still uses the old password
    "password" from step 2 instead of updating the password to
    what was given in step 4.
    

Local fix

  • N/A
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:  All users of IBM WebSphere Application      *
    *                  Server who use "applyWizardSettings" to     *
    *                  set                                         *
    *                  adminPassword for Federated Repository      *
    ****************************************************************
    * PROBLEM DESCRIPTION: "applyWizardSettings" command fails to  *
    *                      update password when it is issued for   *
    *                      existing admin user.                    *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    The command did not update the password if it is already set.
    The code has been corrected to update the password.
    Note: The issue is specific to admin account in the
    default FileRegistry for Federated Repository. Also this
    command does not support ldap/custom registries that are
    plugged into Federated Repository.
    

Problem conclusion

Temporary fix

  • After "applyWizardSettings" command was issued, if password was
    still not updated, use "changeFileRegistryAccountPassword"
    command.
    

Comments

APAR Information

  • APAR number

    PM75115

  • Reported component name

    WEBS APP SERV N

  • Reported component ID

    5724H8800

  • Reported release

    700

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2012-10-16

  • Closed date

    2013-03-20

  • Last modified date

    2013-10-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    WEBS APP SERV N

  • Fixed component ID

    5724H8800

Applicable component levels

  • R700 PSY

       UP

  • R800 PSY

       UP

  • R850 PSY

       UP



Document information

More support for: WebSphere Application Server
General

Software version: 7.0

Reference #: PM75115

Modified date: 14 October 2013