NetApp Community Update
This site will enter Read Only mode on July 23 as we prepare to move to a new platform. You will still be able to view content, but posting and replying will be temporarily disabled.
We're excited to launch our new Community experience on July 30 and more information will follow soon.
Stay connected during the transition - Join our Discord community today.

ONTAP Discussions

Disabling All Password Policies Temporarily

TMADOCTHOMAS
5,355 Views

Is there a way in cdot to disable all password policies temporarily? I know there was a way in 7-mode because I did it a few times, but can't find the equivalent in cdot. Use case is simple: I have a local account set up on all of our clusters that already has a secure password. On ONE of those clusters I need to 'change' the password to upgrade from MD5 to SHA512, but I don't want to actually change it. Problem is the "disallowed-reuse" setting under security login role config modify has a MINIMUM of 6, so the only way around it is to disable all policies, make the change, then re-enable.

1 ACCEPTED SOLUTION

Mjizzini
5,238 Views

I dont think that we can disable the password policies. Maybe deleting it then recreating it again.

Enforcing SHA-2 on administrator account passwords

View solution in original post

3 REPLIES 3

Mjizzini
5,239 Views

I dont think that we can disable the password policies. Maybe deleting it then recreating it again.

Enforcing SHA-2 on administrator account passwords

TMADOCTHOMAS
5,224 Views

Okay thanks @Mjizzini !

dirvine
3,573 Views

You can change the policy temporarily - set the password back to original and then change it back:

 

sec login role config modify -vserver <vserver> -role admin -disallowed-reuse 1
sec login password -vserver <vserver> -username <username>
sec login role config modify -vserver <vserver> -role admin -disallowed-reuse 6
As long as you first use password is different to what it is now - this will work. 

Public