Writer instructions
Page title	For most spaces, this page must be titled Space announcements. For spaces with localized content, this page must be titled Space announcements l10n.
Purpose	Provide an announcement banner on every page of your space.
Location	Move this page outside of your home branch.
Guidelines	Adding-a-banner-announcement-to-a-space

Changing default passwords

The MVMM Application Service enforces default security. The ApacheDS component of the MVMM Application Service enforces security. The system administrator (SA) is the default administrative user defined when the product is installed. Because the default password for ApacheDS is publicly available, we recommend that you change it as soon as possible.

For more information, see Duplicating, editing or deleting user.

The following sections provide guidelines for changing passwords and describe how to encode the new password:

Using the Cryptor method in the mqsusertool to encode the new password

In this example, the password BMCSOFTWARE is encoded and gives the following string:

D;1wqmhAxF08ijqKs=
mqsusertool --encode -t Cryptor BMCSOFTWARE
mqsusertool 5.0.00 (build 63)
(C) Copyright 1996-2010 BMC Software, Inc.
Reading defaults from services.cfg
Encoding 'BMCSOFTWARE' using algorithm Cryptor:
D;1wqmhAxF08ijqKs=

Use the returned encoded password in step 3 of the following procedure. For assistance with using mqsusertool, contact BMC Support. For more information see, Managing-security-information-with-mqsusertool-command-line-tool.

Changing the ApacheDS default password

Ensure the MVMM Application Service is running. MVMM services do not need to be stopped or restarted as part of this process.
At a command prompt in the installDir, use the mqsusertool command to set a new password, See the following for an example command line.
$ mqsusertool --account -ldap_admin_password NEW_PASSWORD -target LDAP -logon_password secret
mqsusertool 9.0.00 (build 480)
(C) Copyright 1996-2020 BMC Software, Inc.

Administrative password has been changed in the target.
Saving administrative password in services.cfg ...
Administrative password has been saved.
Successfully changed administrative password for target LDAP
Processing account settings completed successfully.
Keep a record of the new password in accordance with your security policies. It is required to unlock user accounts, and may be needed for support purposes.

Changing the msproxy_password

The msproxy_password is used by the Media Service account to secure access to the media repository within the product. The password is set to a unique, random, and cryptographically secure value (a type 4 UUID) during the product installation. The password is used only internally within the product and it cannot be used for any external access to the product. Hence, users do not need to know the original password value.

Use the mqsusertool tool to change the password to a new unique, random, and cryptographically secure value, or to a defined value according to your security requirements.

To change the password to a random value

Stop the Application Service before resetting the password value.
Use the sync option:
mqsusertool --account -sync -user msproxy -target FILE
Restart the Application Service after changing the password. This activates the new password.

To change the password to a defined value

Stop the Application Service before resetting the password value.
Execute the following command:
mqsusertool --account -user msproxy -password NEW_PASSWORD -target FILE
Restart the Application Service after changing the password. This activates the new password.

Disallowed characters in user and group names

User and group names allow only characters in the UTF-8 character set, with a few exceptions.

Disallowed characters in user and group names include: ! # % & ( ) * + , / : ; < = > ? @ [ ] ^ ` { | } ~ " ä ü ö e´ e`.

In addition, leading spaces and trailing spaces are disallowed, while internal spaces are allowed.