epadmin-authentication

epadmin authentication target — Displays, updates, and resets the local authentication realm for a node.

SYNOPSIS

epadmin [globalparameters] command authentication [commandparameters]

DESCRIPTION

Displays, updates, and resets the local authentication realm for a node. Use this command in rare cases to recover from authentication failures such as an unavailable administration password.

The authentication target has three commands:

The designation [sn|ad] in syntax examples is a reminder that this command requires either the global parameter ‑‑servicename or the ‑‑adminport and ‑‑hostname combination to identify the node or cluster of interest.

epadmin display authentication

Displays node administration token authentication information. To see all nodes in a cluster, use the servicename global parameter with the name of the cluster. In a large cluster, you can then narrow the results down to a single node with the --nodename command parameter. For example: 

$ epa --ad=16214 display authentication
Node Name = B.sbuser
Key Identifier = 1584054546861:3
Load Time = 2020-03-12 21:09:07

Node Name = B.sbuser
Key Identifier = 1584054546861:2
Load Time = 2020-03-12 20:09:07

$ epa --servicename=sbuser display authentication
[B.sbuser] Node Name = B.sbuser
[B.sbuser] Key Identifier = 1584054546861:3
[B.sbuser] Load Time = 2020-03-12 21:09:07

[B.sbuser] Node Name = B.sbuser
[B.sbuser] Key Identifier = 1584054546861:2
[B.sbuser] Load Time = 2020-03-12 20:09:07

[A.sbuser] Node Name = A.sbuser
[A.sbuser] Key Identifier = 1584060343988:1
[A.sbuser] Load Time = 2020-03-12 20:45:44

$ epa --servicename=sbuser display authentication --nodename=A.sbuser
[A.sbuser] Node Name = A.sbuser
[A.sbuser] Key Identifier = 1584060343988:1
[A.sbuser] Load Time = 2020-03-12 20:45:44
Command Parameter Description Required
nodename Specifies a node name to narrow the results in a command looking at a large cluster. No.

epadmin reset authentication

Resets node authentication to its initial authentication state after node installation. These are the default security configuration settings, except for the password, which must be specified with this command.

  • Returns to using the Local Authentication Realm named default-realm.

  • Defines the operating system user executing this reset command as a node user.

  • Sets a password for that user to the value of the password command parameter, or the value specified specified in response to prompts by the reset command. This password never expires.

  • Assigns the new node user to the administrator role.

The reset command can be executed remotely or locally. If executed remotely by specifying the servicename or adminport or hostname global parameters, the installpath parameter does not need to be specified. 

epadmin [sn|ad] reset authentication
epadmin [sn|ad] reset authentication --installpath=A.X
epadmin [sn|ad] reset authentication --installpath=A.X --password=supersecret
Command Parameter Description Required
installpath Node installation path. If specified, the user executing this command must have operating system write privileges for the node installation path. Not required if run for a remote node. Required if the command is executed locally.
password New administrator password. Yes. If not specified, the command prompts for a password.

epadmin update authentication

Updates the keys used by node administration token authentication. Use this cautiously on a node running in production. Use the display authentication command keys to review the keys. 

epadmin [sn|ad] update authentication

SEE ALSO

Help System for epadmin
epadmin(1)
epadmin-globals(1)