Utility to change WebSphere security properties file

Technote (FAQ)


Is there a utility for changing the WebSphere security properties file when the password for the Tivoli Workload Scheduler (TWS) user, the database user, or the embedded WebSphere Application Server (WAS) is changed?


There is not an easy way in TWS v8.4 or v8.5.0 to update key passwords when they are changed for the TWS user, the database user, or the embedded WebSphere Application Server user.


For TWS v8.5.1 and v8.6.0: There is a utility in the <TWAHome>/wastools directory called "changePassword.sh" that updates the necessary files when a password changes for the TWS, DB user, or WAS user. The utility is discussed in the TWS Administration Guide v8.6.02 under the Administrative Tasks ---> "Changing key Tivoli Workload Scheduler passwords".

For TWS v8.4 and v8.5.0 : The chg_pass.sh utility (attachment at the bottom of this Technote) can be used to make changes to the WebSphere properties file.

Utility overview

The chg_pass.sh utility script is designed to run from Tivoli Workload Scheduler (TWS) Version 8.4 or v8.5.0 workstation with the following UNIX operating systems:


NOTE: If this script does not work in your environment, TWS support does not provide assistance with modifications you must make. This script is provided "as-is" as an example for your reference.

The chg_pass.sh script is used to change WebSphere Security Properties when either the TWS or Database (DB) (DB2 or Oracle) user password has changed. The chg_pass.sh utility script may be run from a UNIX prompt or as a defined job on either TWS Fault Tolerant Agent (FTA), Backup Domain Manager (BKM) or Master Domain Manager (MDM) workstation.

ch_pass.sh Requirements
The script may exist in any directory. The chg_pass.sh script is executed by the root user and must have execute permissions. This requirement is necessary since WebSphere operations performed by the script require root access.

If script is defined as a TWS job script path must be specified in job definition and logon user must be root. Defining chg_pass.sh as a job in advance permits execution whenever the password changes for the TWS or DB user.

The chg_pass.sh must run after the password has changed for either TWS or DB user. This is why it is suggested that this be a scheduled job otherwise it will need to be executed soon after password has changed.

The /tmp directory must exist on the workstation since the /tmp directory is where temporary files will be generated. The temporary files will be removed when script completes.

The “thiscpu” variable in the TWSHome/localopts and entries in /etc/TWS/TWSRegistry.dat file for TWSuser must be correct and valid. For TWS 8.5 the /etc/TWA/*.properties files are used to discover elements used to manage the WebSphere server process.

The chg_pass.sh always requires the TWS user name, and TWS user password. If the DB user password changed, the TWS user name, TWS user password, DB user and DB password are required when the executing chg_pass.sh.

Once the chg_pass.sh has completed successfully normal operations may resume.

Technote updated: 01 April, 2013

Product Alias/Synonym


Rate this page:

(0 users)Average rating

Add comments

Document information

More support for:

Tivoli Workload Scheduler

Software version:

8.3, 8.4, 8.5, 8.5.1, 8.6

Operating system(s):

AIX, HP-UX, Linux, Solaris

Reference #:


Modified date:


Translate my page

Machine Translation

Content navigation