docs/doc/source/security/kubernetes/password-recovery-for-linux-user-accounts.rst


.. thp1552681882191
.. _password-recovery-for-linux-user-accounts:

=========================================
Password Recovery for Linux User Accounts
=========================================

You can reset the password for a Linux user if required. The procedure
depends on the class of user.


.. _password-recovery-for-linux-user-accounts-section-N1001F-N1001C-N10001:

------------------
Linux System Users
------------------

This class includes the **sysadmin** account, and optionally other Linux
system user accounts created to support a multi-admin scenario. If another
Linux system account is available, you can use it to reset the password for
this type of account as follows:

.. code-block:: none

    $ sudo passwd <user>
    $ sudo chage -d 0 <user>

where `<user>` is the user name of the account to be reset \(for, example,
**sysadmin**\) and :command:`sudo passwd <user>` will prompt for the new
password. The :command:`chage` command forces immediate expiration, so that
the user must change the password at first login.

If no other Linux system user accounts have been created, you can recover
using the default LDAP **operator** or **admin** accounts. For more
information, see :ref:`Local LDAP Linux User Accounts
<local-ldap-linux-user-accounts>`.


.. _password-recovery-for-linux-user-accounts-section-N10066-N1001C-N10001:

-----------------
LDAP System Users
-----------------

This class includes users created using LDAP utilities.

You can reset the password for an LDAP account as follows:

.. code-block:: none

    $ sudo ldapmodifyuser <user> replace userPassword <temp_password>
    $ sudo ldapmodifyuser <user> replace shadowLastChange 0

where <user> is the username, and <temp\_password> is a temporary password.
The second command forces a password change on first login.
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`.. thp1552681882191`
			`.. _password-recovery-for-linux-user-accounts:`

			`=========================================`
			`Password Recovery for Linux User Accounts`
			`=========================================`

			`You can reset the password for a Linux user if required. The procedure`
			`depends on the class of user.`


			`.. _password-recovery-for-linux-user-accounts-section-N1001F-N1001C-N10001:`

			`------------------`
			`Linux System Users`
			`------------------`

			`This class includes the sysadmin account, and optionally other Linux`
			`system user accounts created to support a multi-admin scenario. If another`
			`Linux system account is available, you can use it to reset the password for`
			`this type of account as follows:`

			`.. code-block:: none`

Password command usage is incorrect. (CP r6, dsr6) Updated the original command: removed the <temp_password> from command. Minor edits and also removed the <temp\_password> from the comment. Signed-off-by: Elaine Fonaro <elaine.fonaro@windriver.com> Change-Id: I876281ef2ddbea9b5df271cc1370b3580277d01e 2022-06-02 15:30:38 -03:00			`$ sudo passwd <user>`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00			`$ sudo chage -d 0 <user>`

Password command usage is incorrect. (CP r6, dsr6) Updated the original command: removed the <temp_password> from command. Minor edits and also removed the <temp\_password> from the comment. Signed-off-by: Elaine Fonaro <elaine.fonaro@windriver.com> Change-Id: I876281ef2ddbea9b5df271cc1370b3580277d01e 2022-06-02 15:30:38 -03:00			where `<user>` is the user name of the account to be reset \(for, example,
			sysadmin\) and :command:`sudo passwd <user>` will prompt for the new
			password. The :command:`chage` command forces immediate expiration, so that
			`the user must change the password at first login.`
Security guide update Re-organized topic hierarchy Tiny edit to restart review workflow. Squashed with Resolved index.rst conflict commit Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5 Signed-off-by: Keane Lim <keane.lim@windriver.com> Signed-off-by: MCamp859 <maryx.camp@intel.com> 2020-08-31 11:01:56 -04:00
			`If no other Linux system user accounts have been created, you can recover`
			`using the default LDAP operator or admin accounts. For more`
			information, see :ref:`Local LDAP Linux User Accounts
			<local-ldap-linux-user-accounts>`.


			`.. _password-recovery-for-linux-user-accounts-section-N10066-N1001C-N10001:`

			`-----------------`
			`LDAP System Users`
			`-----------------`

			`This class includes users created using LDAP utilities.`

			`You can reset the password for an LDAP account as follows:`

			`.. code-block:: none`

			`$ sudo ldapmodifyuser <user> replace userPassword <temp_password>`
			`$ sudo ldapmodifyuser <user> replace shadowLastChange 0`

			`where <user> is the username, and <temp\_password> is a temporary password.`
			`The second command forces a password change on first login.`