Manual password update for OpenIAM services in RPM

During the RPM-based installation of OpenIAM you were offered default passwords for the OpenIAM backing services, namely Elasticsearch, RabbitMQ and Redis. If you want to replace those default passwords later, it can be done manually using the steps below. Each password is stored under several Vault keys, and every copy has to be updated together with the service itself, otherwise components that read different keys will fail to authenticate.

Changing password for Elasticsearch

  1. Navigate to the certificate directory at /usr/local/openiam/vault/certs/ using a cd command.
cd /usr/local/openiam/vault/certs/
  1. Retrieve the vault unseal keys as shown below.
[root@password certs]# cat unseal.keys
{"keys":["fed349c10e55c4109001972b1f51186408c66192330769ea4ce1cc768467b03f77","2fcfebc1f7dcfd2a6d65cd64e9b251264b898ac2384dbde60bfcdf7554a2b3bb44","5869d88c1345b2c3a03eec5e7421715ad7ba920c46840aa251662483333c11e7fa","caba768d2989818901844944c4f9980501b6891c765f9c768663251f1cb4fc1cf7","8253cfa0423f1201175031011ffec6f36efbfa0d41ab38c92af05c8e4848c4c778"],"keys_base64":["/tNJwQ5VxBCQAZcrH1EYZAjGYZIzB2nqTOHMdoRnsD93","L8/rwffc/SptZc1k6bJRJkuJisI4Tb3mC/zfdVSis7tE","WGnYjBNFssOgPuxedCFxWte6kgxGhAqiUWYkgzM8Eef6","yrp2jSmJgYkBhElExPmYBQG2iRx2X5x2hmMlHxy0/Bz3","glPPoEI/EgEXUDEBH/7G8277+g1BqzjJKvBcjkhIxMd4"],"root_token":"hvs.uNGRfy1tPcTo8f6TwKAzC4hy"}
[root@password certs]#
  1. Authenticate with Vault using the root_token value from the output above.
[root@password certs]# vault login hvs.uNGRfy1tPcTo8f6TwKAzC4hy
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
Error authenticating: error looking up token: Get "https://127.0.0.1:8200/v1/auth/token/lookup-self": tls: failed to verify certificate: x509: cannot validate certificate for 127.0.0.1 because it doesn't contain any IP SANs
[root@password certs]#

If you see the error above, export the variable below and proceed further.

[root@password certs]# export VAULT_SKIP_VERIFY=true
[root@password certs]# vault login hvs.uNGRfy1tPcTo8f6TwKAzC4hy
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
Success! You are now authenticated. The token information displayed below
is already stored in the token helper. You do NOT need to run "vault login"
again. Future Vault requests will automatically use this token.
Key Value
--- -----
token hvs.uNGRfy1tPcTo8f6TwKAzC4hy
token_accessor 0S6c1ASm0uCefSMlkXpujNYH
token_duration ∞
token_renewable false
token_policies ["root"]
identity_policies []
policies ["root"]
[root@password certs]#
  1. Retrieve the existing Elasticsearch password with the commands below.
[root@rpm certs]# vault kv list secret/openiam/
[root@password certs]# vault kv get secret/openiam/ELASTICSEARCH_PASSWORD
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
==== Data ====
Key Value
--- -----
value KVIPH0VRnAbXJfpsdplkzYvcdruWH2qW
[root@password certs]# vault kv get secret/openiam/vault.secret.elasticsearch.password
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
==== Data ====
Key Value
--- -----
value KVIPH0VRnAbXJfpsdplkzYvcdruWH2qW
[root@password certs]#
  1. Update the Elasticsearch password in Vault as shown below.
[root@password certs]# vault kv put secret/openiam/ELASTICSEARCH_PASSWORD value="SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C"
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
Success! Data written to: secret/openiam/ELASTICSEARCH_PASSWORD
[root@password certs]# vault kv put secret/openiam/vault.secret.elasticsearch.password value="SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C"
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
Success! Data written to: secret/openiam/vault.secret.elasticsearch.password
  1. Verify password update in Vault using the example below.
[root@password certs]# vault kv get secret/openiam/ELASTICSEARCH_PASSWORD
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
==== Data ====
Key Value
--- -----
value SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C
[root@password certs]# vault kv get secret/openiam/vault.secret.elasticsearch.password
WARNING! VAULT_ADDR and -address unset. Defaulting to https://127.0.0.1:8200.
==== Data ====
Key Value
--- -----
value SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C
  1. Update the Elasticsearch password through the Elasticsearch security API, authenticating with the old password.
curl -u "elastic:<old_password>" -XPOST -H "Content-Type: application/json" \
"http://localhost:9200/_security/user/elastic/_password" \
-d '{ "password": "<new_password>" }'

The successful output after the password change will look as follows.

[root@password certs]# curl -u "elastic:KVIPH0VRnAbXJfpsdplkzYvcdruWH2qW" \
-XPOST -H "Content-Type: application/json" \
"http://localhost:9200/_security/user/elastic/_password" \
-d "{ \"password\": \"SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C\" }"
{}[root@password certs]#
  1. Restart the Elasticsearch service with the commands below.
[root@password certs]# systemctl restart elasticsearch
[root@password certs]# systemctl status elasticsearch
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; preset: disabled)
Active: active (running) since Tue 2025-03-04 08:24:56 UTC; 7s ago
Docs: https://www.elastic.co
Main PID: 74675 (java)
Tasks: 91 (limit: 406172)
Memory: 4.4G
CPU: 45.788s
CGroup: /system.slice/elasticsearch.service
├─74675 /usr/local/openiam/jdk//bin/java -Xshare:auto -Des.networkaddress.cache.ttl=60 -Des.networkaddress.cache>
└─74830 /usr/share/elasticsearch/modules/x-pack-ml/platform/linux-x86_64/bin/controller
Mar 04 08:24:44 password systemd[1]: Starting Elasticsearch...
Mar 04 08:24:46 password systemd-entrypoint[74675]: OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecate>
Mar 04 08:24:56 password systemd[1]: Started Elasticsearch.
[root@password certs]#
  1. Validate the Elasticsearch connection with the new password as follows.
[root@password certs]# curl -u elastic:SWxdwHfClx7sRkWRgZ1cBNwtqupDw16C http://localhost:9200/_cluster/health
{"cluster_name":"elasticsearch","status":"yellow","timed_out":false,"number_of_nodes":1,"number_of_data_nodes":1,"active_primary_shards":25,"active_shards":25,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":18,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":58.139534883720934}[root@password certs]#
  1. Restart the OpenIAM services with the commands below.
openiam-cli status
openiam-cli stop
openiam-cli start

Password update for RabbitMQ

  1. Retrieve the existing RabbitMQ password by running:
[root@rpm certs]# vault kv list secret/openiam/
Keys
ACTIVITI_JDBC_PASSWORD
ACTIVITI_JDBC_USERNAME
ELASTICSEARCH_PASSWORD
ELASTICSEARCH_USERNAME
IAM_JKS_COMMON_KEY_PASSWORD
IAM_JKS_COOKIE_KEY_PASSWORD
IAM_JKS_KEY_PASSWORD
IAM_JKS_PASSWORD
JDBC_PASSWORD
JDBC_USERNAME
KEYSTORE_PASSWORD
RABBITMQ_PASSWORD
RABBITMQ_USERNAME
REDIS_PASSWORD
SPRING_RABBITMQ_PASSWORD
SPRING_RABBITMQ_USERNAME
SPRING_REDIS_PASSWORD
jks/
vault.secret.activiti.jdbc.password
vault.secret.activiti.jdbc.username
vault.secret.elasticsearch.password
vault.secret.elasticsearch.username
vault.secret.iam.jks.common.key.password
vault.secret.iam.jks.cookie.key.password
vault.secret.iam.jks.key.password
vault.secret.iam.jks.password
vault.secret.jdbc.password
vault.secret.jdbc.username
vault.secret.keystore.password
vault.secret.rabbitmq.password
vault.secret.rabbitmq.username
vault.secret.redis.password
vault.secret.spring.rabbitmq.password
vault.secret.spring.rabbitmq.username
vault.secret.spring.redis.password
[root@rpm certs]#
[root@rpm certs]# vault kv list secret/openiam/ | grep -i rabbit
RABBITMQ_PASSWORD
RABBITMQ_USERNAME
SPRING_RABBITMQ_PASSWORD
SPRING_RABBITMQ_USERNAME
vault.secret.rabbitmq.password
vault.secret.rabbitmq.username
vault.secret.spring.rabbitmq.password
vault.secret.spring.rabbitmq.username
[root@rpm certs]#
[root@rpm certs]# vault kv get secret/openiam/RABBITMQ_PASSWORD
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/SPRING_RABBITMQ_PASSWORD
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/vault.secret.rabbitmq.password
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/vault.secret.spring.rabbitmq.password
==== Data ====
Key Value
--- -----
value passwd00
  1. Update the RabbitMQ password in Vault, as shown below.
vault kv put secret/openiam/RABBITMQ_PASSWORD value="<new_password>"
vault kv put secret/openiam/SPRING_RABBITMQ_PASSWORD value="<new_password>"
vault kv put secret/openiam/vault.secret.rabbitmq.password value="<new_password>"
vault kv put secret/openiam/vault.secret.spring.rabbitmq.password value="<new_password>"

The example process looks as follows.

[root@rpm certs]# vault kv put secret/openiam/RABBITMQ_PASSWORD value="openiam01"
Success! Data written to: secret/openiam/RABBITMQ_PASSWORD
[root@rpm certs]# vault kv put secret/openiam/SPRING_RABBITMQ_PASSWORD value="openiam01"
Success! Data written to: secret/openiam/SPRING_RABBITMQ_PASSWORD
[root@rpm certs]# vault kv put secret/openiam/vault.secret.rabbitmq.password value="openiam01"
Success! Data written to: secret/openiam/vault.secret.rabbitmq.password
[root@rpm certs]# vault kv put secret/openiam/vault.secret.spring.rabbitmq.password value="openiam01"
Success! Data written to: secret/openiam/vault.secret.spring.rabbitmq.password
  1. Verify password update in Vault using the commands below.
[root@rpm certs]# vault kv get secret/openiam/RABBITMQ_PASSWORD
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/SPRING_RABBITMQ_PASSWORD
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/vault.secret.rabbitmq.password
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/vault.secret.spring.rabbitmq.password
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# systemctl status rabbitmq-server
● rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2025-03-30 04:15:27 UTC; 41min ago
Main PID: 977 (beam.smp)
Tasks: 36 (limit: 408643)
Memory: 407.6M
CGroup: /system.slice/rabbitmq-server.service
├─ 977 /usr/lib64/erlang/erts-12.3.2/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MM>
├─1098 erl_child_setup 32768
├─1729 /usr/lib64/erlang/erts-12.3.2/bin/epmd -daemon
├─1794 inet_gethost 4
└─1795 inet_gethost 4
Mar 30 04:15:25 rpm rabbitmq-server[977]: Doc guides: https://rabbitmq.com/documentation.html
Mar 30 04:15:25 rpm rabbitmq-server[977]: Support: https://rabbitmq.com/contact.html
Mar 30 04:15:25 rpm rabbitmq-server[977]: Tutorials: https://rabbitmq.com/getstarted.html
Mar 30 04:15:25 rpm rabbitmq-server[977]: Monitoring: https://rabbitmq.com/monitoring.html
Mar 30 04:15:25 rpm rabbitmq-server[977]: Logs: /var/log/rabbitmq/rabbit@rpm.log
Mar 30 04:15:25 rpm rabbitmq-server[977]: /var/log/rabbitmq/rabbit@rpm_upgrade.log
Mar 30 04:15:25 rpm rabbitmq-server[977]: <stdout>
Mar 30 04:15:25 rpm rabbitmq-server[977]: Config file(s): (none)
Mar 30 04:15:27 rpm systemd[1]: Started RabbitMQ broker.
Mar 30 04:15:27 rpm rabbitmq-server[977]: Starting broker... completed with 4 plugins.
[root@rpm certs]# systemctl restart rabbitmq-server
[root@rpm certs]# systemctl status rabbitmq-server
● rabbitmq-server.service - RabbitMQ broker
Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: disabled)
Active: active (running) since Sun 2025-03-30 04:57:26 UTC; 1s ago
Process: 28801 ExecStop=/usr/sbin/rabbitmqctl shutdown (code=exited, status=0/SUCCESS)
Main PID: 33128 (beam.smp)
Tasks: 36 (limit: 408643)
Memory: 161.2M
CGroup: /system.slice/rabbitmq-server.service
├─33128 /usr/lib64/erlang/erts-12.3.2/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -M>
├─33145 erl_child_setup 32768
├─33186 /usr/lib64/erlang/erts-12.3.2/bin/epmd -daemon
├─33222 inet_gethost 4
└─33223 inet_gethost 4
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Doc guides: https://rabbitmq.com/documentation.html
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Support: https://rabbitmq.com/contact.html
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Tutorials: https://rabbitmq.com/getstarted.html
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Monitoring: https://rabbitmq.com/monitoring.html
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Logs: /var/log/rabbitmq/rabbit@rpm.log
Mar 30 04:57:25 rpm rabbitmq-server[33128]: /var/log/rabbitmq/rabbit@rpm_upgrade.log
Mar 30 04:57:25 rpm rabbitmq-server[33128]: <stdout>
Mar 30 04:57:25 rpm rabbitmq-server[33128]: Config file(s): (none)
Mar 30 04:57:26 rpm rabbitmq-server[33128]: Starting broker... completed with 4 plugins.
Mar 30 04:57:26 rpm systemd[1]: Started RabbitMQ broker.
  1. Finish the password change with the steps below. Removing the mnesia directory wipes the broker's stored state (vhosts, users and permissions), which is why the next step recreates them.
openiam-cli stop
systemctl stop rabbitmq-server
cd /var/lib/rabbitmq
rm -rf mnesia
systemctl start rabbitmq-server
  1. You also need to recreate the vhosts and grant the proper permissions with the help of the script below, which reads the new RabbitMQ password from Vault.
#!/bin/bash
set -e # Exit immediately if a command exits with a non-zero status
#### RABBITMQ UPGRADE SCRIPT ####
. /usr/local/openiam/env.conf
export VAULT_CERTS="$HOME_DIR/vault/certs/"
export JAVA_HOME="$HOME_DIR/jdk"
export VAULT_HOME="$HOME_DIR/utils/vault/"
. ${VAULT_HOME}validate.vault.sh
export RABBITMQ_PASSWORD=$(. ${VAULT_HOME}vault.fetch.property.sh vault.secret.rabbitmq.password)
if [ -z "$RABBITMQ_PASSWORD" ] || [ "$RABBITMQ_PASSWORD" == "null" ]; then
    echo "ERROR: Unable to fetch RabbitMQ password from vault"
    exit 1
fi
openiam-cli status
systemctl --no-pager status rabbitmq-server -l
# Verify RabbitMQ is running
rabbitmqctl status || { echo "ERROR: RabbitMQ failed to start!"; exit 1; }
# Ensure vhosts, users, and permissions are intact
echo "Verifying vhosts, users, and permissions..."
rabbitmqctl list_vhosts
rabbitmqctl list_users
UMASK=$(umask)
if [ "${UMASK}" != 0022 ]; then
    # STIG hardening sets a 0077 umask; switch to 0022 temporarily so the plugins can be enabled
    umask 0022
    rabbitmq-plugins enable rabbitmq_delayed_message_exchange
    rabbitmq-plugins enable rabbitmq_management
    umask "${UMASK}"
else
    rabbitmq-plugins enable rabbitmq_delayed_message_exchange
    rabbitmq-plugins enable rabbitmq_management
fi
rabbitmqctl add_vhost openiam_am
rabbitmqctl add_vhost openiam_idm
rabbitmqctl add_vhost openiam_audit
rabbitmqctl add_vhost openiam_common
rabbitmqctl add_vhost openiam_connector
rabbitmqctl add_vhost openiam_activiti
rabbitmqctl add_vhost openiam_user
rabbitmqctl add_vhost openiam_groovy_manager
rabbitmqctl add_vhost openiam_synchronization
rabbitmqctl add_vhost openiam_ext_log
rabbitmqctl add_vhost openiam_bulk_synchronization
rabbitmqctl add_vhost openiam_reconciliation
rabbitmqctl add_vhost openiam_bulk_reconciliation
rabbitmqctl add_vhost openiam_business_rule
rabbitmqctl add_vhost openiam_machine_learning
rabbitmqctl add_vhost openiam_sas
# Create the 'openiam' user only if it does not exist yet (it will not after the
# mnesia directory was removed); otherwise align its password with the value in Vault.
if ! rabbitmqctl list_users | grep -q "^openiam\s"; then
    rabbitmqctl add_user openiam "$RABBITMQ_PASSWORD"
    rabbitmqctl set_user_tags openiam administrator
else
    echo "User 'openiam' already exists, updating its password from vault."
    rabbitmqctl change_password openiam "$RABBITMQ_PASSWORD"
fi
rabbitmqctl set_permissions -p openiam_am openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_idm openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_audit openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_common openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_connector openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_activiti openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_user openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_groovy_manager openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_synchronization openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_ext_log openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_bulk_synchronization openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_reconciliation openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_bulk_reconciliation openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_business_rule openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_machine_learning openiam ".*" ".*" ".*"
rabbitmqctl set_permissions -p openiam_sas openiam ".*" ".*" ".*"
systemctl --no-pager status rabbitmq-server -l
openiam-cli start
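Because the script above runs with set -e, a single failing rabbitmqctl call leaves the broker half-configured, and OpenIAM components would then fail on connect with permission errors. The following post-check, added here as an example and not part of the OpenIAM documentation or the script above, compares what the broker reports with the sixteen vhosts the script is expected to create and confirms the openiam user has full configure/write/read rights on each. It assumes the vhost names from the script above and the column layout of `rabbitmqctl list_vhosts` and `rabbitmqctl list_user_permissions openiam`; the sample outputs embedded in it are constructed, not captured from a real broker, so the functions can be exercised without one.

```shell
#!/bin/bash
# Added example (not part of the OpenIAM documentation): post-check for the
# vhost recreation script. Run with "check" against a live broker; without
# arguments it only defines the functions.
set -eu

# The vhosts the recreation script is expected to create (names taken from it).
EXPECTED_VHOSTS="openiam_am openiam_idm openiam_audit openiam_common openiam_connector
openiam_activiti openiam_user openiam_groovy_manager openiam_synchronization openiam_ext_log
openiam_bulk_synchronization openiam_reconciliation openiam_bulk_reconciliation
openiam_business_rule openiam_machine_learning openiam_sas"

# Print each expected vhost absent from `rabbitmqctl list_vhosts` output read on stdin.
missing_vhosts() {
    # Drop the "Listing vhosts ..." banner and the "name" column header.
    found=$(grep -v -e '^Listing' -e '^name$' || true)
    for v in $EXPECTED_VHOSTS; do
        printf '%s\n' "$found" | grep -qx "$v" || echo "$v"
    done
}

# Print each expected vhost on which user openiam lacks full ".* .* .*" rights,
# given `rabbitmqctl list_user_permissions openiam` output on stdin
# (tab-separated columns: vhost configure write read).
unprivileged_vhosts() {
    perms=$(cat)
    for v in $EXPECTED_VHOSTS; do
        printf '%s\n' "$perms" \
            | awk -v vh="$v" -F'\t' '$1==vh && $2==".*" && $3==".*" && $4==".*" {ok=1} END {exit ok?0:1}' \
            || echo "$v"
    done
}

# Constructed sample output (not from a real broker): one vhost is missing.
sample_list_vhosts() {
    printf 'Listing vhosts ...\nname\n/\n'
    printf '%s\n' $EXPECTED_VHOSTS | grep -vx openiam_sas
}

# Constructed sample: full rights on two vhosts, read-only on a third, rest absent.
sample_permissions() {
    printf 'Listing permissions for user "openiam" ...\n'
    printf 'vhost\tconfigure\twrite\tread\n'
    printf 'openiam_am\t.*\t.*\t.*\n'
    printf 'openiam_idm\t.*\t.*\t.*\n'
    printf 'openiam_audit\t^$\t^$\t.*\n'
}

if [ "${1:-}" = check ]; then
    missing=$(rabbitmqctl list_vhosts | missing_vhosts)
    weak=$(rabbitmqctl list_user_permissions openiam | unprivileged_vhosts)
    if [ -n "$missing" ] || [ -n "$weak" ]; then
        echo "Missing vhosts:"; echo "$missing"
        echo "Vhosts without full openiam permissions:"; echo "$weak"
        exit 1
    fi
    echo "All OpenIAM vhosts present with full permissions for user openiam."
fi
```

Run `./rabbitmq-check.sh check` (hypothetical file name) after the recreation script and before `openiam-cli start`; a non-zero exit means the broker state does not match what OpenIAM expects and the recreation script should be rerun before the services come up.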

Updating password for Redis

  1. Retrieve the existing Redis password.
[root@rpm certs]# vault kv list secret/openiam/ | grep -i redis
REDIS_PASSWORD
SPRING_REDIS_PASSWORD
vault.secret.redis.password
vault.secret.spring.redis.password
[root@rpm certs]# vault kv get secret/openiam/REDIS_PASSWORD
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/SPRING_REDIS_PASSWORD
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/vault.secret.redis.password
==== Data ====
Key Value
--- -----
value passwd00
[root@rpm certs]# vault kv get secret/openiam/vault.secret.spring.redis.password
==== Data ====
Key Value
--- -----
value passwd00
  1. Update the Redis password in Vault as shown below.
[root@rpm certs]# vault kv put secret/openiam/REDIS_PASSWORD value="openiam01"
Success! Data written to: secret/openiam/REDIS_PASSWORD
[root@rpm certs]# vault kv put secret/openiam/SPRING_REDIS_PASSWORD value="openiam01"
Success! Data written to: secret/openiam/SPRING_REDIS_PASSWORD
[root@rpm certs]# vault kv put secret/openiam/vault.secret.redis.password value="openiam01"
Success! Data written to: secret/openiam/vault.secret.redis.password
[root@rpm certs]# vault kv put secret/openiam/vault.secret.spring.redis.password value="openiam01"
Success! Data written to: secret/openiam/vault.secret.spring.redis.password
  1. Verify the Redis password in Vault as follows.
[root@rpm certs]# vault kv get secret/openiam/REDIS_PASSWORD
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/SPRING_REDIS_PASSWORD
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/vault.secret.redis.password
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]# vault kv get secret/openiam/vault.secret.spring.redis.password
==== Data ====
Key Value
--- -----
value openiam01
[root@rpm certs]#
  1. Update the Redis password in the Redis configuration file.
[root@rpm certs]# vi /etc/redis/redis.conf
[root@rpm certs]# cat /etc/redis/redis.conf | grep requirepass
# If the master is password protected (using the "requirepass" configuration
# IMPORTANT NOTE: starting with Redis 6 "requirepass" is just a compatibility
# The requirepass is not compatable with aclfile option and the ACL LOAD
# command, these will cause requirepass to be ignored.
# requirepass foobared
# So use the 'requirepass' option to protect your instance.
requirepass openiam01
[root@rpm certs]#
  1. Restart the Redis service, then stop and start OpenIAM with the following commands.
systemctl restart redis
openiam-cli stop
openiam-cli start
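The three procedures above each write the same password to several Vault keys and then push it to the service by hand. The following script, added here as an example and not part of the OpenIAM documentation or the openiam-cli tooling, does that for one service at a time, generates the new value from the kernel CSPRNG instead of choosing it by hand, and reads every key back to confirm no copy was missed: a mismatch between, say, RABBITMQ_PASSWORD and vault.secret.rabbitmq.password would leave some components unable to authenticate after the restart. It assumes the key names listed by `vault kv list secret/openiam/` above, that VAULT_ADDR and VAULT_SKIP_VERIFY are exported as shown, that Elasticsearch listens on localhost:9200 and Redis reads /etc/redis/redis.conf as on this page, and, for RabbitMQ, that an in-place `rabbitmqctl change_password` is acceptable instead of the documented mnesia wipe (an assumption; the wipe-and-recreate procedure above remains the alternative). The service and OpenIAM restarts from the sections above still have to be run afterwards.

```shell
#!/bin/bash
# Added example (not part of the OpenIAM documentation): rotate one service
# password consistently across every Vault key OpenIAM reads it from, verify
# that all copies agree, then push it to the service itself.
# Usage: ./rotate-password.sh elasticsearch|rabbitmq|redis  (hypothetical file name)
set -eu

VAULT_PATH="secret/openiam"

# Every Vault key that must carry the same password for a service.
# The duplicate UPPER_CASE and vault.secret.* names are taken from the page.
keys_for() {
    case "$1" in
        elasticsearch)
            printf '%s\n' ELASTICSEARCH_PASSWORD vault.secret.elasticsearch.password ;;
        rabbitmq)
            printf '%s\n' RABBITMQ_PASSWORD SPRING_RABBITMQ_PASSWORD \
                vault.secret.rabbitmq.password vault.secret.spring.rabbitmq.password ;;
        redis)
            printf '%s\n' REDIS_PASSWORD SPRING_REDIS_PASSWORD \
                vault.secret.redis.password vault.secret.spring.redis.password ;;
        *)
            echo "unknown service: $1" >&2; return 1 ;;
    esac
}

# 32 alphanumeric characters from /dev/urandom; no shell- or JSON-hostile
# symbols, so the value survives the quoting in the vault and curl commands.
gen_password() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 32
    echo
}

# Returns 0 when every argument is identical (used to detect key drift).
all_equal() {
    first="$1"; shift
    for v in "$@"; do
        [ "$v" = "$first" ] || return 1
    done
    return 0
}

# Write the new password to every key, then read each one back and insist
# that all copies match the value just written.
rotate_in_vault() {
    service="$1"; newpw="$2"
    for key in $(keys_for "$service"); do
        vault kv put "$VAULT_PATH/$key" value="$newpw" > /dev/null
    done
    readback=""
    for key in $(keys_for "$service"); do
        readback="$readback $(vault kv get -field=value "$VAULT_PATH/$key")"
    done
    all_equal "$newpw" $readback || { echo "ERROR: Vault keys for $service disagree" >&2; return 1; }
}

# The Vault update alone changes nothing until the service knows the new credential.
apply_to_service() {
    service="$1"; oldpw="$2"; newpw="$3"
    case "$service" in
        elasticsearch)
            curl -fsS -u "elastic:$oldpw" -XPOST -H 'Content-Type: application/json' \
                "http://localhost:9200/_security/user/elastic/_password" \
                -d "{\"password\":\"$newpw\"}" > /dev/null ;;
        rabbitmq)
            # Assumption: in-place change instead of the documented mnesia wipe.
            rabbitmqctl change_password openiam "$newpw" ;;
        redis)
            sed -i "s/^requirepass .*/requirepass $newpw/" /etc/redis/redis.conf ;;
    esac
}

case "${1:-}" in
    elasticsearch|rabbitmq|redis)
        svc="$1"
        oldpw=$(vault kv get -field=value "$VAULT_PATH/$(keys_for "$svc" | head -n 1)")
        newpw=$(gen_password)
        rotate_in_vault "$svc" "$newpw"
        apply_to_service "$svc" "$oldpw" "$newpw"
        echo "Rotated $svc password; now restart $svc and OpenIAM as documented above." ;;
    "")
        : ;;   # no argument: only define the functions
    *)
        echo "usage: $0 elasticsearch|rabbitmq|redis" >&2; exit 1 ;;
esac
```

The read-back step is the part worth keeping even if the rest is done by hand: after any manual `vault kv put`, fetch every key for the service with `vault kv get -field=value` and compare them before restarting, because a key that was skipped keeps the old password silently and only shows up later as an authentication failure in the logs of whichever component reads it.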