Solved: Disabling All Password Policies Temporarily

TMADOCTHOMAS · ‎2021-02-18

Is there a way in cdot to disable all password policies temporarily? I know there was a way in 7-mode because I did it a few times, but can't find the equivalent in cdot. Use case is simple: I have a local account set up on all of our clusters that already has a secure password. On ONE of those clusters I need to 'change' the password to upgrade from MD5 to SHA512, but I don't want to actually change it. Problem is the "disallowed-reuse" setting under security login role config modify has a MINIMUM of 6, so the only way around it is to disable all policies, make the change, then re-enable.

Mjizzini · ‎2021-02-22

I dont think that we can disable the password policies. Maybe deleting it then recreating it again.

Enforcing SHA-2 on administrator account passwords

View solution in original post

Mjizzini · ‎2021-02-22

I dont think that we can disable the password policies. Maybe deleting it then recreating it again.

Enforcing SHA-2 on administrator account passwords

TMADOCTHOMAS · ‎2021-02-23

Okay thanks @Mjizzini !

dirvine · ‎2023-12-06

You can change the policy temporarily - set the password back to original and then change it back:

sec login role config modify -vserver <vserver> -role admin -disallowed-reuse 1
sec login password -vserver <vserver> -username <username>
sec login role config modify -vserver <vserver> -role admin -disallowed-reuse 6
As long as you first use password is different to what it is now - this will work.