ONTAP Discussions

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ONTAP Discussions

Ask a Question

7-Mode User Administration

ASUNDSTROM
‎2012-02-16 01:59 PM
14,807 Views

How do you manage user accounts in 7 mode given the following scenarios:

Enable disabled user account:

Controller1> useradmin user list Test3

Name: Test3

Info:

Rid: 111111

Groups: Group1

Full Name:

Allowed Capabilities: login-snmp

Password min/max age in days: 1/4294967295

Status: disabled

Change user password for first login:

When security.passwd.firstlogin.enable is set to on and using the principal of least privilege, how do you change the intial password?  Or let me ask, what is required to allow a user to change their password on first login if you are configuring SNMPv3 and only granting login-snmp?  Do they need the ability to login through SSH, if so what other capabilities are required for the user to change their password.  Let’s say the user only has login-snmp, login-ssh how would they change their password? There is no prompt when I login and I can login through SSH with the account with a status of expired. When I have these capabilities and try passwd , system log states that test needs the cli-passwd capability. If you grant that capability then that account can change any password.

Name: test

Info: Rid: 11112

Groups: Group1

Full Name:

Allowed Capabilities:

Password min/max age in days: 0/4294967295

Status: expired

0 Kudos
View By:
5 REPLIES 5

crocker
NetApp Alumni
‎2012-02-22 11:48 AM
14,704 Views

Hi,

Since you have not gotten an answer, you may want to ask this question in the NetApp Support Community.  The current customers, partners and internal Subject Matter Experts are addressing technical product questions there.

Mike

0 Kudos

CHRIS_K_AU
‎2013-04-21 09:57 PM
14,704 Views

I'm seeking an answer to this 'problem' also. The closest workarounds I can see are the RSH syntax for passwd or setting the ...passwd.firstlogon.enable off before creating the accounts then turning it back on again.

0 Kudos

bondbhola
‎2013-04-22 05:53 AM
14,704 Views

Try to delete the test1 account and recrate it.

Thanks,

Bhola Gond

0 Kudos

RichardSopp
‎2013-04-22 10:10 AM
14,704 Views

The capability cli-passwd only provides the privileges to change the password on the users own account.

It does not provide the ability to change the password on other users accounts.

In order to change the password of other users accounts you need the security context privilege of security-passwd-change-others.

0 Kudos

CHRIS_K_AU
‎2013-04-22 05:54 PM
In response to RichardSopp
14,704 Views

I noted that fact in the man pages Richard, I felt that as I was logged in as root I wouldn't have a problem.

bondbhola, yes deleting and recreating with ...passwd.firstlogon.enable=off set works fine as expected.

0 Kudos
Announcements
All Community Forums
Public