Changing the server password
This topic explains how to change the Qlik Replicate Server password using the Replicate CLI. Note that all commands described in this section should be run as administrator from the product bin directory.
The Qlik Replicate Server has a fixed 'admin' user with an automatically generated random password that is stored in the mk.dat file. The password is unknown, unique and safe. The Qlik Replicate UI Server service always connects to the Qlik Replicate Server service using the 'admin' user. When both services run on the same machine the admin password is accessible to both servers, so there is no need to specify this password explicitly.
When Qlik Replicate Server runs on a different machine or when a remote Qlik Replicate client needs to communicate directly with a remote Qlik Replicate Server, the server password must be known to both sides.
The server password must be strong enough to prevent brute-force or dictionary attacks. As such, it must satisfy the following criteria:
Must contain at least:
- 16 characters
- One uppercase letter [A-Z]
- One lowercase letter [a-z]
- One digit [0-9]
Cannot contain:
- Special keyboard characters (e.g. !@#$)
- Non-Latin letters
- Spaces
You can generate a strong random password using the genpassword CLI utility described below, using a third-party utility, or even manually; in fact, it's not important how the password is generated, as long it meets the aforementioned requirements.
- Passwords set with previous versions will continue to work, as the validity check is only performed when setting a new server password.
- Scripts that automate the setting up of Qlik Replicate servers (such as when setting up docker images) should be reviewed and edited if necessary to ensure password validity.
-
When running multiple Replicate Linux instances, this procedure needs to be repeated for each instance (as each instance has its own data directory).
For information on installing multiple Replicate Linux instances, see Replicate instances and services on Linux
To generate a strong random password:
Run the following command:
repctl genpassword
A 16 character password that satisfies the strong-password criteria will be generated.
To change the server password using a script:
-
Run the following command:
repctl [-d data-directory] SETSERVERPASSWORD new_password
where data-directory is the name of the Replicate data directory.
The default path is <product_dir>/data.
Information noteYou only need to include
-d data-directory
in the command if you changed the default data directory (e.g. when installing multiple Replicate Linux instances). - Restart the Qlik Replicate services (Windows) or the Qlik Replicate instance (Linux).
To change the server password interactively:
-
Run the following command:
repctl [-d data-directory]
-
Press [Enter] and then type the following:
SETSERVERPASSWORD new_password
- Press [Enter] again to set the password.
- Restart the Qlik Replicate services (Windows) or the Qlik Replicate instance (Linux).
Notes:
When the Qlik Replicate .NET UI Server is running on one machine and the Qlik Replicate Server is running on another, the Qlik Replicate Server password must be the same on both machines. The password is used during the SSL handshake to establish a secure connection between the participating machines.