Help Center > > User Guide> FusionInsight Manager Operation Guide (Applicable to 3.x)> Security Management> Account Management> Changing the Password for a System Internal User> Changing the Password for a Component Running User

Changing the Password for a Component Running User

Updated at: Sep 02, 2021 GMT+08:00

Scenario

Periodically change the password for each component running user to improve the system O&M security.

Component running users can be classified into the following two types depending on whether their initial passwords are randomly generated by the system:
  • If the initial password of a component running user is randomly generated by the system, the user is of the Machine-Machine type.
  • If the initial password of a component running user is not randomly generated by the system, the user is of the Human-Machine type.

Impact on the System

All services need to be restarted for the password changing to take effect. The services are unavailable during the cluster restart.

Prerequisites

You have installed the client on any node in the cluster and obtain the IP address of the node.

Procedure

  1. Log in to the node where the client is installed as user root.
  2. Run the following command to go to the client directory, such as /opt/Bigdata/client:

    cd /opt/Bigdata/client

  3. Run the following command to configure environment variables:

    source bigdata_env

  4. Run the following command and enter the password of user kadmin/admin to log in to the kadmin console:

    kadmin -p kadmin/admin

    The default password of user kadmin/admin is Admin@123, which will expire upon your first login. Change the password as prompted and keep the new password secure.

  5. Run the following command to change the password of an internal system user. The password changing takes effect on all servers.

    cpw internal system username

    For example: cpw oms/manager

    The password complexity requirements are as follows by default:

    • The password contains at least 8 characters.
    • The password must contain at least four types of the following: lowercase letters, uppercase letters, digits, spaces, and special characters which can only be ~`!?,.;-_'(){}[]/<>@#$%^&*+|\=.
    • The password cannot be the same as the username or reverse username.
    • The password cannot be a common password that is easy to crack, for example, Admin@12345.
    • The password cannot be the same as the password that used in latest N times. N indicates the value of Repetition Rule in Configuring Password Policies. The policy affects only users of the Human-Machine type.

    Run the following command to check user information:

    getprinc internal system username

    For example: getprinc oms/manager

  6. Determine the type of the user whose password needs to be changed.

    • If the user is a Machine-Machine user, perform 7.
    • If the user is a Human-Machine user, the password is changed and no further action is required.

  7. Log in to FusionInsight Manager.
  8. On FusionInsight Manager, choose Cluster > Name of the desired cluster > More > Restart.
  9. In the displayed window, enter the password of the current login administrator user and click OK.
  10. In the displayed dialog box, click OK to restart the cluster.
  11. After the system displays "Operation succeeded", click Finish. The cluster is successfully started.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?







Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel