Improving security of storing VM manager passwords
Available from 9.2.9.
To improve security of storing passwords to
VM managers, you can overwrite the default key that is used to encrypt the passwords or change the
default password to the VM Manager Tool keystore. These two
procedures are independent. You can change the encryption key, the VM Manager Tool keystore password or both, depending on your
needs.
Procedure
-
To overwrite the default key that is used to encrypt passwords to VM managers, perform the
following steps.
-
Stop the VM Manager Tool.
- For local VM Manager Tool, run the following script. The
script also stops the License Metric Tool server.
/opt/ibm/LMT/cli/srvstop.sh
C:\Program Files\ibm\LMT\cli\srvstop.bat
- For central, distributed, and disconnected VM Manager Tool, run the following command.
-
./vmman.sh -stop -
vmman.bat -stop
- For local VM Manager Tool, run the following script. The
script also stops the License Metric Tool server.
-
Back up the config and keydb directories. By default,
the directories are in the following location.
- For local VM Manager Tool
- /opt/ibm/LMT/VMMAN
-
C:\Program Files\ibm\LMT\VMMAN
- For central and distributed VM Manager Tool
- /var/opt/BESClient/LMT/VMMAN
-
C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\VMMAN
- For disconnected VM Manager Tool
-
VM Manager Tool install dir/VMMAN
-
VM Manager Tool install dir\VMMAN
- For local VM Manager Tool
-
Run the following command.
-
./vmman.sh -regenerateencryptionkey -
vmman.bat -regenerateencryptionkey
-
Start the VM Manager Tool.
- For local VM Manager Tool, run the following script. The
script also starts the License Metric Tool server.
-
/opt/ibm/LMT/cli/srvstart.sh
-
C:\Program Files\ibm\LMT\cli\srvstart.bat
- For central, distributed, and disconnected VM Manager Tool, run the following command.
-
./vmman.sh -run -
vmman.bat -run
- For local VM Manager Tool, run the following script. The
script also starts the License Metric Tool server.
-
Stop the VM Manager Tool.
-
To change the default password to the VM Manager Tool
keystore, perform the following steps.
-
Stop the VM Manager Tool.
- For local VM Manager Tool, run the following script. The
script also stops the License Metric Tool server.
-
/opt/ibm/LMT/cli/srvstop.sh
-
C:\Program Files\ibm\LMT\cli\srvstop.bat
- For central, distributed, and disconnected VM Manager Tool, run the following command.
-
./vmman.sh -stop -
vmman.bat -stop
- For local VM Manager Tool, run the following script. The
script also stops the License Metric Tool server.
-
Back up the VM Manager Tool
keydb/keys.p12 and config/vmmmainconf.properties files. By
default, the files are in the following location.
- For local VM Manager Tool
- /opt/ibm/LMT/VMMAN
-
C:\Program Files\ibm\LMT\VMMAN
- For central and distributed VM Manager Tool
- /var/opt/BESClient/LMT/VMMAN
-
C:\Program Files (x86)\BigFix Enterprise\BES Client\LMT\VMMAN
- For disconnected VM Manager Tool
-
VM Manager Tool install dir/VMMAN
-
VM Manager Tool install dir\VMMAN
- For local VM Manager Tool
-
To change the password, run the following command.
-
./vmman.sh -changepassword -file <file_location>/keystore_password.txt -
vmman.bat -changepassword -file <file_location>\keystore_password.txt"
-fileis the path to the txt file in which you specified the new VM Manager Tool keystore password.After you run the command, the password is encrypted and saved in the vmmmainconf.properties under the vmm_keystore_password_do_not_change_it parameter. -
Start the VM Manager Tool.
- For local VM Manager Tool, run the following script. The
script also starts the License Metric Tool server.
-
/opt/ibm/LMT/cli/srvstart.sh
-
C:\Program Files\ibm\LMT\cli\srvstart.bat
- For central, distributed, and disconnected VM Manager Tool, run the following command.
-
./vmman.sh -run -
vmman.bat -run
- For local VM Manager Tool, run the following script. The
script also starts the License Metric Tool server.
-
Stop the VM Manager Tool.