Product Documentation

Changing the password of the MariaDB skles user on the appliance is a slightly involved process, as it requires restarting the Payara Application Server and having the Key Custodians reactivate the cryptographic hardware module on the appliance. So, it must be performed only at a time when production applications can afford to wait for cryptographic services during this activity.

StrongKey typically supplies a default password—AbracaDabra—for this user, with instructions to change it immediately. The process to change the password is as follows:

  1. Ensure that appliance is not processing transactions and all Key Custodians are pared to reactivate the appliance.

  2. Login to the appliance as the Linux strongauth user, either on the console or through SSH over the network. The SSH port should be open by default.

  3. If logged in on the console of the appliance and in GUI mode, open a terminal.

  4. Start the MariaDB client application as the root user with the following command:

    mariadb -u root -p mysql 
  5. Enter the current password when prompted.

  6. When logged in, type the following command to change the MariaDB password: (replace the phrase new-password with the desired new password):

    set password for 'skles'@localhost=password('new-password');
  7. Type the following to ensure the password changes are visible to the database engine:

    flush privileges; 
  8. Exit from the MariaDB program with the exit command.

That should change the password for the MariaDB skles user inside the MariaDB database.

A Payara Application Server property must be modified; it allows the SAKA key management application to access the MariaDB database using the new password; perform this with the Payara Administration command line tool asadmin.

  1. Type the following command to change the password in Payara:

    asadmin set resources.jdbc-connection-pool.SAKAPool.property.password=<NewPass>
  2. Restart Payara for the password change to take effect:

    sudo systemctl restart payara
  3. Once the restart has completed, have Key Custodians set PINs on this SAKA to activate the cryptographic services.

This completes changing the MariaDB skles user password. Repeat this process on all other SAKA servers.