Getting Started with Default Enterprise Server Security

After installing Enterprise Developer or Enterprise Server, you should retrieve the administration credentials that were generated at installation time from the vault. You will need these for most Enterprise Server activities.

Note: Micro Focus recommends you make a note of the administration username and password, and then delete them from the vault and/or change the password, as described below.

To retrieve the administration credentials:

  1. You will need an interactive session (Windows command prompt, UNIX/Linux shell) on the target system. Remember that the installer creates a unique password for each product installation.
  2. Set your session up with the product environment. Open an Enterprise Developer command prompt on Windows, or source the cobsetenv script on UNIX. On UNIX, you may need to be running as either the Enterprise Server account (as specified when installing the product) or root, in order to have read access to the vault.
  3. Run mfsecretsadmin read microfocus/temp/admin. You should receive output similar to:
    {"mfUser":"SYSAD", "mfPassword":"abcd1234"}

    The username will always be SYSAD. Note down the generated password.

  4. Connect a browser to ESCWA using http://hostname:10086, where hostname is localhost if you are running on the same system as ESCWA, or the remote system's hostname otherwise. You will be prompted to sign on. Enter the username and password from step 3 to confirm they work.

    You change the password using the following options:

    • Before you log on to ESCWA, on the splash screen, click Change Password and complete the login details, confirm the new password and click Submit.
    • In ESCWA, click Security from the menu bar. In the navigation panel, expand ESCWA Configuration and then expand your security manager, then click Users. In the SYSAD row, click the Edit icon. This opens the Properties dialog box. Type a new password and then click Save.
  5. Optional: Delete the admin credentials from the vault using this command:
    mfsecretsadmin write -overwrite microfocus/temp/admin
    Note: If you delete the SYSAD user or change the password generated for it by the installer in the default VSAM Security Manager, you need to provide new sufficiently authorized credentials for the Server Explorer connection.
  6. Optional: Disable, delete, or change the password of the test user accounts SAFU, mf_mdsa, and SAFUIMS. These accounts exist for backward compatibility and are used by some tutorials, but have a known password and so entail a certain amount of risk. You can modify or remove the accounts using ESCWA's Security page, by selecting the security manager under ESCWA Security Configuration in the navigation pane.
  7. Optional: Disable, delete, or change the passwords of the system accounts mf_cs and mf_dep. See User accounts in the Default Enterprise Server Security Configuration for more information.

Alternatively, you can disable the Default Enterprise Server Security configuration. You can do this at any time. See To Disable the Default Enterprise Server Security Configuration for more information.