Encrypting passwords

To protect the credential information used by the Web server security plug-in, the credential information is moved out of the plug-in configuration file and placed in an encrypted file called default_credential.txt. The plug-in configuration file includes the MISC_INFO_FILE property, which points to the encrypted credential file; for example:

MISC_INFO_FILE=/work/default_credential.txt

The encrypted credential file contains:

JAGUARADMINNAME=jagadmin
JAGUARADMINPASSWORD=WEBPLUGIN
WEBPLUGINUSERNAME=EPWebServerPlugin
WEBPLUGINPASSWORD=sybase
SYBTOKENPASSWORD=sybase

The encrypted credential file is provided as part of the security administration component that is installed inside the firewall.

Enterprise Security provides a utility (webplugin_util) that allows you to encrypt and decrypt the credential file after changing the passwords. This utility is stored in the bin subdirectory of your Enterprise Security installation.

For Enterprise Portal customers, this utility was changed with the release of Enterprise Portal 2.5 (this has no effect on EAServer customers). If you encrypted your key file with an older version of the utility, you must use that same version of the utility to decrypt the file. You can then use the new version to reencrypt the file.

WARNING! Because webplugin_util can be used to decrypt the credential file, you must store it on a trusted machine; that is, not on the machine where the Web server is running.

Running webplugin_util

  1. Copy the encrypted credential file from the Web server machine to the trusted machine where the utility resides.

  2. At the UNIX or Windows command line, decrypt the credential file:

    webplugin_util -decrypt file_name
    
  3. Edit the information in the credential file as necessary.

  4. At the UNIX or Windows command line, reencrypt the credential file:

    webplugin_util -encrypt file_name
    
  5. Copy the credential file back to the Web server machine and apply the appropriate permissions to the credential file at the operating system level.
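A post-deployment check for step 5 and the warning above, run on the Web server machine. This is an added example, not part of Enterprise Security. It assumes that an encrypted file never shows its property names in cleartext and that "appropriate permissions" means no group or other access; the function names and the search_dirs parameter are hypothetical.

```python
import os
import stat

# Property names the page lists inside the credential file.
CREDENTIAL_KEYS = (b"JAGUARADMINNAME", b"JAGUARADMINPASSWORD",
                   b"WEBPLUGINUSERNAME", b"WEBPLUGINPASSWORD", b"SYBTOKENPASSWORD")


def credential_path(plugin_config):
    """Return the MISC_INFO_FILE value from the plug-in configuration file."""
    with open(plugin_config, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            if sep and key.strip() == "MISC_INFO_FILE":
                return value.strip()
    return None


def audit_web_server(plugin_config, search_dirs=()):
    """Return a list of findings; an empty list means every check passed."""
    path = credential_path(plugin_config)
    if path is None:
        return ["MISC_INFO_FILE is not set in the plug-in configuration file"]
    if not os.path.isfile(path):
        return [f"credential file not found: {path}"]
    findings = []
    with open(path, "rb") as fh:
        data = fh.read()
    # Assumption: an encrypted file never shows its property names in cleartext,
    # so seeing one means the file was copied back without being reencrypted.
    leaked = [k.decode() for k in CREDENTIAL_KEYS if k in data]
    if leaked:
        findings.append(f"{path} looks decrypted (found {', '.join(leaked)})")
    # Assumption: "appropriate permissions" means no group/other access.
    # POSIX mode bits only; on Windows inspect the file's ACL instead.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if os.name == "posix" and mode & 0o077:
        findings.append(f"{path} has mode {mode:o}; group/other access is set")
    # The decryption utility must not be present on the Web server machine.
    for directory in search_dirs:
        if not os.path.isdir(directory):
            continue
        for name in os.listdir(directory):
            if name.lower().startswith("webplugin_util"):
                findings.append(f"webplugin_util present: {os.path.join(directory, name)}")
    return findings
```

Pass the path of the plug-in configuration file and any directories where a copy of the utility might have been left; each returned string is one problem to fix before the Web server is put back in service.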

The WEBPLUGINUSERNAME property specifies the subject UID the plug-in is running as. By default, WEBPLUGINUSERNAME is assigned the subject EPWebServerPlugin. To assign a subject other than EPWebServerPlugin to the plug-in, that subject must be granted the PortalWebPlugin role.