on 05-05-2009 12:18 AM
Hi out there,
In the data center we have the requirement to generate new passwords for the administration users administrator, j2ee_admin, ... on a regular basis. For every single system (and I'm talking about a lot of systems!) we now have to change the password in the User data store, which is no problem for ABAP - I can automate it from a Perl script using sapnwrfc (thanks to Piers Harding!) calling a BAPI setting the new password. But the bad side is that we have to click through the whole config tool for resetting the password in question for every single system...
Do you know a possibility to set the administrator's password via CLI or API?
Best regards,
Detlef Wartke
Hi Detlef,
I don't know of any API or CLI to reset the password in secure store. But it is saved in SecStore.properties in directory \SYS\global\security\data within a text file. It's coded in base64 if you don't choose to use a key. Maybe this will help you to find a solution.
Cheers,
Anja
Hi Anja,
thanks for the reply, but the secure stores are as they have to be: encrypted - and this is OK!
I do not intend to break the password encryption. I'm just looking for a more or less official way to connect to the system (authenticated) and change the password in the secure store from an automation script (I do not see how to automate the usage of the config tool).
Any further ideas? Is there perhaps a Java class helping out there?
Best regards
Detlef
You can try the following:
*(it's java coding, formatted and I put code tags around it. however, crappy Jive forum doesn't honor that apparently... sigh)*
```java
import com.sap.security.core.server.secstorefs.SecStoreFS;
import javax.naming.Context;
import javax.naming.InitialContext;
import java.util.Properties;

public class CheckStore {
    public static void main(String[] args) {
        if (args.length < 3) {
            System.err.println("please define the arguments:");
            System.err.println(" SID data_file key_file");
            return;
        }
        String sid = args[0];
        String dataFile = args[1];
        String keyFile = args[2];
        String j2ee_host = null;
        String j2ee_port = null;
        String j2ee_admin = null;
        String j2ee_pass = null;
        String db_url = null;
        try {
            // Open the file-system secure store with its data file and key file
            SecStoreFS.setSID(sid);
            SecStoreFS.setDefaultFilenames(dataFile, keyFile);
            SecStoreFS sec = new SecStoreFS();
            sec.openExistingStore();
            System.out.println("FS SS successful opened");

            // Optional: dump every entry of the store
            // (needs java.util.Enumeration; "enum" is a reserved word since Java 5)
            // Properties prop = sec.getStringPairs();
            // Enumeration keys = prop.keys();
            // do {
            //     String key = (String) keys.nextElement();
            //     System.out.println("[" + key + "] = " + sec.getStringValue(key));
            // } while (keys.hasMoreElements());

            // Read the administrative connection data stored for this SID
            j2ee_host = sec.getStringValue("admin/host/" + sid);
            j2ee_pass = sec.getStringValue("admin/password/" + sid);
            j2ee_port = sec.getStringValue("admin/port/" + sid);
            j2ee_admin = sec.getStringValue("admin/user/" + sid);
            db_url = sec.getStringValue("jdbc/pool/" + sid);

            // Note: this prints the stored password in clear text
            System.out.println(" sid : " + sid);
            System.out.println(" data: " + dataFile);
            System.out.println(" key : " + keyFile);
            System.out.println(" host: " + j2ee_host);
            System.out.println(" port: " + j2ee_port);
            System.out.println(" user: " + j2ee_admin);
            System.out.println(" pass: " + j2ee_pass);
            System.out.println(" db  : " + db_url);

            // Write the new password into the secure store
            String newPass = "vil0dera";
            sec.updatePair("admin/password/" + sid, newPass);
            System.out.println("******set password " + newPass);

            // Log on via JNDI with the credentials read from the store above
            // (j2ee_pass is the value read before updatePair)
            Properties p = new Properties();
            p.put(Context.INITIAL_CONTEXT_FACTORY, "com.sap.engine.services.jndi.InitialContextFactoryImpl");
            p.put(Context.SECURITY_PRINCIPAL, j2ee_admin);
            p.put(Context.SECURITY_CREDENTIALS, j2ee_pass);
            p.put(Context.PROVIDER_URL, j2ee_host + ":" + j2ee_port);
            System.out.println(" ===> " + new InitialContext(p).lookup("keystore"));
            System.out.println("\r\n JNDI context successfully created");
        } catch (Exception e) {
            System.err.println("ERROR : " + e.getMessage());
            System.err.println("________________________________________________________________________________");
            e.printStackTrace();
        }
    }
}
```
Calling it using
```csh
#!/bin/csh
set J2EE_HOME=/usr/sap/DI1
set CP_HOME=$J2EE_HOME/JC01/j2ee
set CP=.:$CP_HOME/cluster/bootstrap/exception.jar:$CP_HOME/cluster/bootstrap/logging.jar:$CP_HOME/cluster/bootstrap/tc_sec_secstorefs.jar:$J2EE_HOME/SYS/global/security/lib/tools/iaik_jce.jar:$CP_HOME/admin/lib/admin.jar
echo $CP
javac -classpath $CP CheckStore.java
java -classpath $CP CheckStore DI1 $J2EE_HOME/SYS/global/security/data/SecStore.properties $J2EE_HOME/SYS/global/security/data/SecStore.key
```
Markus
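The program above opens the store with nothing more than the data file and the key file, so file access to that pair is what protects the administrator password. The following is an added example, not part of the original thread: a POSIX shell check that both files are accessible only to their owner. The owner-only policy and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit access to the J2EE secure store files.
# Assumed policy: only the owning account may access either file.

# check_private FILE
#   returns 0 if owner-only, 1 if group/other has any bit set, 2 if missing
check_private() {
    [ -f "$1" ] || { echo "MISSING  $1"; return 2; }
    # ls -ld prints e.g. "-rw-r-----"; characters 5-10 are the group/other bits
    bits=$(ls -ld "$1" | cut -c5-10)
    if [ "$bits" = "------" ]; then
        echo "OK       $1"
        return 0
    fi
    echo "EXPOSED  $1 (group/other bits: $bits)"
    return 1
}

# audit_secstore DATA_DIR
#   returns 0 only if SecStore.properties and SecStore.key both exist
#   and are owner-only
audit_secstore() {
    rc=0
    for name in SecStore.properties SecStore.key; do
        check_private "$1/$name" || rc=1
    done
    return $rc
}

# Constructed demo: empty stand-in files in a temporary directory,
# with the key file deliberately left group-readable
demo() {
    d=$(mktemp -d)
    : > "$d/SecStore.properties"; : > "$d/SecStore.key"
    chmod 600 "$d/SecStore.properties"; chmod 640 "$d/SecStore.key"
    result=0
    audit_secstore "$d" || result=$?
    rm -rf "$d"
    return $result
}

# Usage: sh audit_secstore.sh /usr/sap/<SID>/SYS/global/security/data
if [ "$#" -gt 0 ]; then
    audit_secstore "$1"
fi
```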
Hi Markus,
this seems to be exactly what I was looking for!
I need some time to check this out in detail. I'm not really a Java specialist and I do not even have the development environment for SAP installed... but I will start as soon as possible to check if it is working for me.
Thanks for your contribution!
Best regards,
Detlef Wartke