I am planning to change the admin user's password. On reading the different posts and Adobe documents it looks like the password can be changed in the following locations in AEM 6.5. Please note that the Publisher is using the CRX file system repository and the Author is connected to a Oracle database to access it's repository.
1. http://server:port/aem/start.html | Tools | Security | Users | find and click on 'admin' user | in Account Setting change the password.
2. http://server:port//crx/explorer/index.jsp | User Administration | Find 'admin' user | Change Password, and change the password.
3. http://server:port/system/console/configMgr | Find 'Apache Felix OSGi Management Console | Click on it and Change password.
4. http://server:port/system/console/configMgr | Find 'Adobe LiveCycle Client SDK Configuration' | Click on it. Here the user is 'administrator' and not 'admin' | Change password.
My questions are:
a. Does the admin password need to be changed in all these 4 links and in any other link that I missed out?
b. Is there a specific order in which the admin password needs to be changed? What will be the order?
c. Is there any service that needs to be stopped and restarted after the admin password is changed?
d. Besides the error.log and access.log is there any other log file that I need to monitor to very that the password change was successful?
e. Since the Author repository is in the Oracle database, is there anything different I need to do to change the admin password, and how will I verify the password change was successful.
You need to change Password for AEM and OSGi Console Admin Accounts.
These accounts include:
The AEM admin account: Once you have changed the password for the AEM admin account, you will need to use the new password when accessing CRX.
The admin password for the OSGi Web console: This change will also be applied to the admin account used for accessing the Web console, so you will need to use the same password when accessing that.
Changing the AEM admin password: The password for the AEM admin account can be changed via the Granite Operations - Users console at <server>:<port>/aem/start.html ->Tools -> Security -> Users -> find and click on 'administrator' user -> in Account Setting change the password.
Changing the admin account also changes the OSGi web console account. After changing the admin account, you should then change the OSGi account to something different.
Once the password is changed you will get the following entry in error.log where the highlighted one will be your admin user path.
POST /home/users/u/uyfKrue0Yf3osAq5viju.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.servlets.AuthorizableServlet Password Change for User 'admin' operation initiated by User 'admin' (administrator) POST /home/users/u/uyfKrue0Yf3osAq5viju.rw.userprops.html HTTP/1.1] com.adobe.granite.security.user.internal.audit.AuditAuthorizableAction Password for User 'admin' was changed
Changing the OSGi web console admin password: You must also change the password used for accessing the Web console.Navigate to the web console at <server>:<port>/system/console/configMgr. Navigate to Apache Felix OSGi Management Console and change the user name and password.
You do not have to stop or restart any bundle. If possible just restart the instance once. But this is not mandatory. I do prefer to restart when I make any major change to repo. 🙂
Refer only the article from adobe here from the Security Checklist which is applicable for all AEM instance. It has the detailed step how to perform the password update operation for an "admin" user as part of the Security checklist.