Let's say you issue a command on the command line and are prompted for a username and password. For example, this could occur when using the startServer command to start a WebSphere application server.

When you are prompted for a username and password, this means that administrative security is enabled.

~]$ ${WAS_INSTALL_ROOT}/profiles/your_profile/bin/wsadmin.sh -lang jython -c "print AdminTask.isGlobalSecurityEnabled()"
WASX7209I: Connected to process "dmgr" on node node01 using SOAP connector;  The type of process is: DeploymentManager
true

And your username and password have not been defined in the soap.client.props file (for SOAP connections) or sas.client.props file (for RMI or JSR160RMI connections) or ipc.client.props file (for IPC connections).

~]# ${WAS_INSTALL_ROOT}/profiles/your_profile/bin/startServer.sh server1
Username:
Password:

One option is to include the -user or -username and -password options on the command line.

${WAS_INSTALL_ROOT}/profiles/your_profile/bin/startServer.sh server1 -username wasadmin -password itsasecret

However, the use of the -user and -password options is highly discouraged because the username and password provided could be intercepted using the ps command (Linux).

~]# ps -ef | grep java
com.ibm.ws.admin.services.WsAdmin -user wasadmin -password itsasecret

The username and password can be entered in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/soap.client.props file for SOAP connections (see -conntype SOAP).

• com.ibm.SOAP.securityEnabled must be set to true if administrative security is enabled

com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=itsasecret
com.ibm.SOAP.loginSource=none

Or, the username and password can be entered in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/sas.client.props file for RMI or JSR160RMI connections (see -conntype RMI / -conntype JSR160RMI).

com.ibm.CORBA.loginUserid=wasadmin
com.ibm.CORBA.loginPassword=itsasecret
com.ibm.CORBA.loginSource=properties

Or, the username and password can be entered in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/ipc.client.props file for IPC connections (see -conntype IPC). You will also comment out the login source line.

com.ibm.IPC.loginUserid=wasadmin
com.ibm.IPC.loginPassword=itsasecret
# com.ibm.IPC.loginSource=prompt

Or, with the wsadmin command, -conntype NONE can be used, to make an unauthenticated connection.

wsadmin.sh -conntype NONE

You may then want to use PropFilePasswordEncoder to XOR encode the cleartext password.

${WAS_INSTALL_ROOT}/profiles/your_profile/bin/PropFilePasswordEncoder.sh ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/soap.client.props com.ibm.SOAP.loginPassword

After the PropFilePasswordEncoder script completes, if you re-check the client.props file, you should see something like this.

com.ibm.SOAP.loginPassword={xor}Gi16ABcdAApuAB=