Change system passwords
This topic describes how to change the encryption key password and the admin user’s password.
If you have forgotten the password for the built-in admin user and you do not have the password for another user with the admin global permission, then you cannot authenticate with the XL Deploy server to change the admin password. It is strongly recommended that you create at least one additional user with the admin permission to prevent this situation.
Passwords that are stored in the repository are encrypted with an encryption key that is stored in a keystore file called
XL_DEPLOY_SERVER_HOME/conf/repository-keystore.jceks. For additional security, you can optionally protect the keystore file with a password. If a password is set, you need to enter it when the XL Deploy server starts.
repository-keystore.jceks is one of two keystore concepts in XL Deploy. This keystore only contains the key used for encryption of passwords in the repository. If you use HTTPS, XL Deploy will use a second keystore file to store the self-signed certificate.
To change the keystore password, you can use the
keytool utility that is provided with the Java JDK distribution:
keytool -storepasswd -keystore conf/repository-keystore.jceks -storetype jceks
keytool utility will not read or set passwords that are shorter than 6 characters. If you want to change a keystore with an empty or short password, use KeyStore Explorer.
XL Deploy’s built-in admin user has administrative permissions. You set the admin password when you install XL Deploy. To change the admin password:
- Ensure that the XL Deploy server is running.
- Start the XL Deploy command-line interface (CLI) as the admin user or as another user with the admin global permission.
Execute the following commands:
adminUser = security.readUser('admin') adminUser.password = 'newpassword' security.modifyUser(adminUser)
- Stop the XL Deploy server.
- In the
admin.passwordto the new password. XL Deploy will encrypt this password when it starts.
- Start the XL Deploy server.
Test the credentials by executing the following command in the CLI: