vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/mrs/umn/admin_guide_000257.html
Yang, Tong 2195db241c MRS UMN 20231220 version update 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Yang, Tong <yangtong2@huawei.com>
Co-committed-by: Yang, Tong <yangtong2@huawei.com>
2024-05-16 09:40:21 +00:00

7.7 KiB
Raw Permalink Blame History

Changing the Password for a Component Running User

Scenario

It is recommended that the administrator periodically change the password for each component running user to improve the system O&M security.

Component running users can be classified into the following two types depending on whether their initial passwords are randomly generated by the system:
  • If the initial password of a component running user is randomly generated by the system, the user is of the machine-machine type.
  • If the initial password of a component running user is not randomly generated by the system, the user is of the human-machine type.

Impact on the System

If the initial password is randomly generated by the system, the cluster needs to be restarted for the password changing to take effect. Services are unavailable during the restart.

Prerequisites

You have installed the client on any node in the cluster and obtained the IP address of the node.

Procedure

  1. Log in to the node where the client is installed as the client installation user
  2. Run the following command to switch to the client directory, for example, /opt/client:

    cd /opt/client

  3. Run the following command to set environment variables:

    source bigdata_env

  4. Run the following command and enter the password of user kadmin/admin to log in to the kadmin console:

    kadmin -p kadmin/admin

    The default password of user kadmin/admin, Admin@123, will expire upon your first login. Change the password as prompted and keep the new password secure.

  5. Run the following command to change the password of an internal component running user. The password changing takes effect on all servers.

    cpw Internal system username

    For example: cpw oms/manager

    The password must meet the following complexity requirements by default:

    • The password contains at least 8 characters.
    • The password contains at least four types of the following characters: Uppercase letters, lowercase letters, digits, spaces, and special characters which can only be ~`!?,.;-_'(){}[]/<>@#$%^&*+|\=.
    • The password cannot be the same as the username or the username spelled backwards.
    • The password cannot be a common easily-cracked passwords, for example, Admin@12345.
    • The password cannot be the same as the password used in latest N times. N indicates the value of Number of Historical Passwords configured in Configuring Password Policies. This policy applies to only human-machine accounts.

    Run the following command to check user information:

    getprinc Internal system username

    For example: getprinc oms/manager

  6. Determine the type of the user whose password needs to be changed.

    • If the user is a machine-machine user, go to 7.
    • If the user is a human-machine user, the password is changed successfully and no further action is required.

  7. Log in to MRS Manager.
  8. Click Cluster, click the name of the desired cluster, and choose More > Restart.
  9. In the displayed window, enter the password of the current login user and click OK.
  10. In the displayed restart confirmation dialog box, click OK.
  11. Wait for message "Operation successful" to display.