Installation and Upgrade Guides › Policy Server Installation Guide › Configuring LDAP Directory Servers as a Policy or Key Store › CA Directory as a Policy Store › How to Configure the Policy Store › Set the SiteMinder Super User Password

Set the SiteMinder Super User Password

The default SiteMinder administrator account is named siteminder. This account has maximum permissions. Set the password for this account so it can be used to manage the SiteMinder user interfaces and utilities until additional SiteMinder administrators can be created.

Note: The smreg utility is located at the top level of the Policy Server installation kit.

To set the super user password

1. Copy the smreg utility to policy_server_home\bin.

   policy_server_home

   Specifies the Policy Server installation path.

2. Run the following command:

   smreg -su password
   

   Important! Before running a SiteMinder utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

   password

   Specifies the password for the default SiteMinder administrator.

   Limits:

   • The password must contain at least six (6) characters and cannot exceed 24 characters.
   • The password cannot include an ampersand (&) or an asterisk (*).
   • If the password contains a space, enclose the passphrase with quotation marks.

   Note: The password is not case sensitive, except when the password is stored in an Oracle policy store.

3. Delete the smreg utility from policy_server_home\bin. Deleting smreg prevents someone from changing the password without knowing the previous one.

   The password for the default SiteMinder administrator account is set.

Note: We recommend that you do not use the default super user for day–to–day operations. Use the default super user to:

• Import the default policy store objects.
• Access the FSS Administrative UI and Administrative UI for the first–time. We recommend creating another administrator with super user permissions.

More information:

Locate the Installation Media

Installation Media Names

Verify the CA Directory Cache Configuration

You can verify that the DXcache settings are enabled using the DXconsole.

Note: By default, the DxConsole is only accessible from localhost. For more about using the set dsa command to let the DxConsole accept a connection from a remote system, see the Directory Configuration Guide.

Follow these steps:

1. From a command prompt, enter the following command to Telnet to the DSA DXConsole port:

   telnet DSA_Host DXconsole_Port
   

   DSA_Host

   Specifies the host name or IP address of the system hosting the DSA.

   Note: If you are on the localhost, enter localhost. Entering a host name or IP Address results in a failed connection.

   DXConsole_Port

   Specifies the port on which the DXconsole is listening. This value appears in the console-port parameter of the following file:

   DXHOME\config\knowledge\DSA_Name.dxc

   Default: The DXconsole port is set to the value of the DSA port +1.

   Example: If the DSA is running on port 19389, the DXconsole port is 19390.

   The DSA Management Console appears.

2. Enter the following command:

   get cache;
   

   The DSA Management Console displays the current DSA DXcache settings and specifies the directory caching status.

3. Enter the following command:

   logout;
   

   Closes the DXconsole and returns to the system prompt.