docs/doc/source/security/kubernetes/password-recovery-for-linux-user-accounts.rst
Ron Stone f125a8b892 Remove spurious escapes (r8,dsR8)
This change addresses a long-standing issue in rST documentation imported from XML.
That import process added backslash escapes in front of various characters. The three
most common being '(', ')', and '_'.
These instances are removed.

Signed-off-by: Ron Stone <ronald.stone@windriver.com>
Change-Id: Id43a9337ffcd505ccbdf072d7b29afdb5d2c997e
2023-03-01 11:19:04 +00:00

1.8 KiB

Password Recovery for Linux User Accounts

You can reset the password for a Linux user if required. The procedure depends on the class of user.

Linux System Users

This class includes the sysadmin account, and optionally other Linux system user accounts created to support a multi-admin scenario. If another Linux system account is available, you can use it to reset the password for this type of account as follows:

$ sudo passwd <user>
$ sudo chage -d 0 <user>

where <user> is the user name of the account to be reset (for, example, sysadmin) and sudo passwd <user> will prompt for the new password. The chage command forces immediate expiration, so that the user must change the password at first login.

If no other Linux system user accounts have been created, you can recover using the default LDAP operator or admin accounts. For more information, see Local LDAP Linux User Accounts <local-ldap-linux-user-accounts>.

LDAP System Users

This class includes users created using LDAP utilities.

You can reset the password for an LDAP account as follows:

$ sudo ldapmodifyuser <user> replace userPassword <temp_password>
$ sudo ldapmodifyuser <user> replace shadowLastChange 0

where <user> is the username, and <temp_password> is a temporary password. The second command forces a password change on first login.