https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11339#M2606 <HTML><HEAD></HEAD><BODY><P>I noted that fact in the man pages Richard, I felt that as I was logged in as root I wouldn't have a problem.</P><P></P><P>bondbhola, yes deleting and recreating with ...passwd.firstlogon.enable=off set works fine as expected.</P></BODY></HTML> Tue, 23 Apr 2013 00:54:39 GMT CHRIS_K_AU 2013-04-23T00:54:39Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11316#M2596 <HTML><HEAD></HEAD><BODY><P>How do you manage user accounts in 7 mode given the following scenarios: </P><P></P><P><STRONG>Enable disabled user account:</STRONG> </P><P style="padding-left: 30px;">Controller1&gt; useradmin user list Test3</P><P style="padding-left: 30px;">Name: Test3 </P><P style="padding-left: 30px;">Info: </P><P style="padding-left: 30px;">Rid: 111111 </P><P style="padding-left: 30px;">Groups: Group1 </P><P style="padding-left: 30px;">Full Name: </P><P style="padding-left: 30px;">Allowed Capabilities: login-snmp </P><P style="padding-left: 30px;">Password min/max age in days: 1/4294967295 </P><P style="padding-left: 30px;"><SPAN style="color: #ff0000;"><STRONG>Status: disabled</STRONG></SPAN> </P><P></P><P><STRONG>Change user password for first login:</STRONG></P><P style="padding-left: 30px;">When <STRONG><STRONG>security.passwd.firstlogin.enable</STRONG> </STRONG>is set to <STRONG>on</STRONG> and using the principal of least privilege, how do you change the intial password?&nbsp; Or let me ask, what is required to allow a user to change their password on first login if you are configuring SNMPv3 and only granting login-snmp?&nbsp; Do they need the ability to login through SSH, if so what other capabilities are required for the user to change their password.&nbsp; Let’s say the user only has login-snmp, login-ssh how would they change their password? There is no prompt when I login and I can login through SSH with the account with a status of expired. When I have these capabilities and try passwd , system log states that test needs the cli-passwd capability. If you grant that capability then that account can change any password. </P><P></P><P style="padding-left: 30px;">Name: test </P><P style="padding-left: 30px;">Info: Rid: 11112 </P><P style="padding-left: 30px;">Groups: Group1 </P><P style="padding-left: 30px;">Full Name: </P><P style="padding-left: 30px;">Allowed Capabilities: </P><P style="padding-left: 30px;">Password min/max age in days: 0/4294967295 </P><P style="padding-left: 30px;">Status: expired</P></BODY></HTML> Thu, 05 Jun 2025 06:34:29 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11316#M2596 ASUNDSTROM 2025-06-05T06:34:29Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11321#M2598 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P>Since you have not gotten an answer, you may want to ask this question in the <A href="https://forums.netapp.com/community/support" target="_blank">NetApp Support Community.</A>&nbsp; The current customers, partners and internal Subject Matter Experts are addressing technical product questions there.</P><P>Mike</P></BODY></HTML> Wed, 22 Feb 2012 19:48:31 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11321#M2598 crocker 2012-02-22T19:48:31Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11325#M2600 <HTML><HEAD></HEAD><BODY><P>I'm seeking an answer to this 'problem' also. The closest workarounds I can see are the RSH syntax for passwd or setting the ...passwd.firstlogon.enable off before creating the accounts then turning it back on again.</P></BODY></HTML> Mon, 22 Apr 2013 04:57:20 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11325#M2600 CHRIS_K_AU 2013-04-22T04:57:20Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11329#M2601 <HTML><HEAD></HEAD><BODY><P>Try to delete the test1 account and recrate it.</P><P></P><P>Thanks,</P><P>Bhola Gond</P></BODY></HTML> Mon, 22 Apr 2013 12:53:58 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11329#M2601 bondbhola 2013-04-22T12:53:58Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11335#M2604 <HTML><HEAD></HEAD><BODY><P>The capability cli-passwd only provides the privileges to change the password on the users own account.</P><P>It does not provide the ability to change the password on other users accounts.</P><P>In order to change the password of other users accounts you need the security context privilege of security-passwd-change-others.</P></BODY></HTML> Mon, 22 Apr 2013 17:10:07 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11335#M2604 RichardSopp 2013-04-22T17:10:07Z https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11339#M2606 <HTML><HEAD></HEAD><BODY><P>I noted that fact in the man pages Richard, I felt that as I was logged in as root I wouldn't have a problem.</P><P></P><P>bondbhola, yes deleting and recreating with ...passwd.firstlogon.enable=off set works fine as expected.</P></BODY></HTML> Tue, 23 Apr 2013 00:54:39 GMT https://community.netapp.com/t5/ONTAP-Discussions/7-Mode-User-Administration/m-p/11339#M2606 CHRIS_K_AU 2013-04-23T00:54:39Z