Changing key HCL Workload Automation passwords

About this task

When you change passwords for key users in your HCL Workload Automation environment, there are various operations to perform, depending on which user's password is being changed, the type of operating system on which it is deployed, and the type of HCL Workload Automation node where the password is being changed.

If you decide to proceed manually, the following pages describe what you have to do if the passwords of any of the following users change:

HCL Workload Automation instance owner

The <TWS_user> (the instance owner) of a HCL Workload Automation component .

WebSphere Application Server Liberty Base user

The WebSphere Application Server Liberty Base user which authenticates the <TWS_user> being used by HCL Workload Automation components. For more information, see the WebSphere Application Server Liberty Base documentation, for example securityUtility command.

This utility requires the JAVA_HOME environment variable to be set. If you do not have Java installed, you can optionally use the Java version provided with the product and available in:

HCL Workload Automation: <INST_DIR>/TWS/JavaExt/jre/jre
Dynamic Workload Console: <DWC_INST_DIR>/java/jre/bin

Streamlogon user

The streamlogon user of any job run in the HCL Workload Automation environment (jobs running on Windows® only)

For all other users of HCL Workload Automation, no action is required if their passwords change.

Note: After changing any password, restart WebSphere Application Server Liberty Base.

Before changing any passwords, you must first change the password at the operating system level using native commands, as follows:

On UNIX operating systems: use the passwd command.
On Windows operating systems: use the net user command.

If you use special characters in the password, ensure you use a "\" (backslash) before the special character. The following rules apply:

On Windows™ operating systems:: Passwords for users can include any alphanumeric characters and ()!?=^*/~[]$_+;:.,@`-#.
On UNIX™ and LINUX systems:: Passwords for users can include any alphanumeric characters and ()!?=*~_+.-.

See If and where password changes are required to determine if a change of password requires actions to be taken for a role on the different HCL Workload Automation components. Look up the role and the component and determine from the corresponding table cell where the changes must be made:

If the cell contains a "✓", make the change on the system where the indicated component is running
If the cell contains "MDM", make the change on the master domain manager to which the component belongs

Table 1. If and where password changes are required
Role	MDM	BKM	FTA	FTA + CONN
HCL Workload Automation instance owner (Windows®)	✓	✓	✓	✓
WebSphere Application Server Liberty Base user	✓	✓		✓
Database user	✓	✓
Streamlogon user (Windows®)	✓	✓	MDM	MDM

For example, if you are the TWS_user (the instance owner) of a fault-tolerant agent, you need to implement the password change on the system where the fault-tolerant agent is installed, but if you are also the streamlogon user of jobs running on that system, the changes required for the new password must be applied at the master domain manager to which the fault-tolerant agent belongs.