Changing default passwords
To encode the new password use the Cryptor method in the mqsusertool
In this example, the password BMCSOFTWARE is encoded and gives the following string:
D;1wqmhAxF08ijqKs=
mqsusertool --encode -t Cryptor BMCSOFTWARE
mqsusertool 5.0.00 (build 63)
(C) Copyright 1996-2010 BMC Software, Inc.
Reading defaults from services.cfg
Encoding 'BMCSOFTWARE' using algorithm Cryptor:
D;1wqmhAxF08ijqKs=
Use the returned encoded password in step 3 of the following procedure. For assistance with using mqsusertool, contact BMC Support. For more information see, Managing-security-information-with-mqsusertool-command-line-tool.
To change the ApacheDS default password
- Ensure the MVMM Application Service is running. MVMM services do not need to be stopped or restarted as part of this process.
At a command prompt in the installDir, use the mqsusertool command to set a new password, See the following for an example command line.
$ mqsusertool --account -ldap_admin_password NEW_PASSWORD -target LDAP -logon_password secret
mqsusertool 9.0.00 (build 480)
(C) Copyright 1996-2020 BMC Software, Inc.
Administrative password has been changed in the target.
Saving administrative password in services.cfg ...
Administrative password has been saved.
Successfully changed administrative password for target LDAP
Processing account settings completed successfully.- Keep a record of the new password in accordance with your security policies. It is required to unlock user accounts, and may be needed for support purposes.
Changing the msproxy_password
The msproxy_password is used by the Media Service account to secure access to the media repository within the product. The password is set to a unique, random, and cryptographically secure value (a type 4 UUID) during the product installation. The password is used only internally within the product and it cannot be used for any external access to the product. Hence, users do not need to know the original password value.
Use the mqsusertool tool to change the password to a new unique, random, and cryptographically secure value, or to a defined value according to your security requirements.
To change the password to a random value
- Stop the Application Service before resetting the password value.
Use the sync option:
mqsusertool --account -sync -user msproxy -target FILE- Restart the Application Service after changing the password. This activates the new password.
To change the password to a defined value
- Stop the Application Service before resetting the password value.
Execute the following command:
mqsusertool --account -user msproxy -password NEW_PASSWORD -target FILE- Restart the Application Service after changing the password. This activates the new password.
Disallowed characters in user and group names
User and group names allow only characters in the UTF-8 character set, with a few exceptions.
Disallowed characters in user and group names include: ! # % & ( ) * + , / : ; < = > ? @ [ ] ^ ` { | } ~ " ä ü ö e´ e`.
In addition, leading spaces and trailing spaces are disallowed, while internal spaces are allowed.