[AAA-44] Changing a user password requires external tools Created: 30/Jun/15 Updated: 21/Mar/19 Resolved: 26/Sep/16 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | Colin Dixon | Assignee: | Ryan Goulding |
| Resolution: | Cannot Reproduce | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: All |
||
| External issue ID: | 3911 |
| Description |
|
As explained in this wiki page: Changing a user password is complex. This should presumably be an easier task as every user of OpenDaylight will want to do that immediately after installing it. |
| Comments |
| Comment by Ryan Goulding [ 21/Jul/15 ] |
|
Yesterday I verified that this works to update a user record: curl -X PUT -s -H "Content-type:application/json" --data-binary @user.json https//<controller>:8181/auth/v1/users/1 Contents of user.json: Improper behavior was exhibited due to |
| Comment by Ryan Goulding [ 21/Jul/15 ] |
|
Created this page to document this better: |
| Comment by Vratko Polak [ 07/Aug/15 ] |
|
I have an off-topic question. > https://wiki.opendaylight.org/view/AAA:Changing_Account_Passwords Both methods require ODL to be started at least once with admin:admin default credentials, which is not secure. Is there an Improvement item somewhere, which asks for idmlight.db.mv.db to be created already during {project}
job run, so that the file is already present in released tar.gz file (thus available forthe second method)? The easiest way would be for AAA project to create and upload the file to Nexus, and integration/distribution would copy it in. |
| Comment by Ryan Goulding [ 07/Aug/15 ] |
|
This is a good idea. I will create a trello card to address this. We will also need to add a script to do the "second method" which has changed just the other day since passwords are now salted and encrypted using MD5. I will also add a card for this. |
| Comment by Ryan Goulding [ 07/Aug/15 ] |
|
Added here: I will work with the team to get these issues addressed. If you are interested in helping with implementation, please let me know! |
| Comment by Vratko Polak [ 10/Aug/15 ] |
|
> If you are interested in helping with implementation, please let me know! I do not really have time to write code, but I can perhaps comment and review. Now I think it is better for the packaged file to have a different name, for example "example.idmlight.db.mv.db". |
| Comment by Sunaina Khanna [ 19/Sep/16 ] |
|
Hi I am trying to modify the password by performing the steps mentioned above but still when I am trying to log in ODL, I am unable to do so with the new password. Step 1: curl -u admin:admin http://localhost:8181/auth/v1/users Step 2: cat user.json Step 3: curl -u admin:admin -X PUT -H "Content-Type: application/json" --data-binary @./user.json http://localhost:8181/auth/v1/users/1 Please suggest. |
| Comment by Ryan Goulding [ 19/Sep/16 ] |
|
The id is wrong in your URL: http://localhost:8181/auth/v1/users/1 should be: http://localhost:8181/auth/v1/users/admin@sdn Also, there is a script that does this now located in the etc folder upon feature installation. You can invoke the help function by this: python etc/idmtool -h |
| Comment by Vratko Polak [ 26/Sep/16 ] |
|
> there is a script that does this now located in the etc folder Why "etc"? I believe "bin" is much better folder for executable scripts. |