security login password-prepare-to-downgrade

Reset password features introduced in the Data ONTAP version

Availability: This command is available to cluster administrators at the advanced privilege level.

Description

If the password of the system administrator is not encrypted with an encryption type supported by releases earlier than ONTAP 9.0, this command prompts the administrator for a new password and encrypt it using a supported encryption type on each cluster or at each site in a MetroCluster configuration. In a MetroCluster configuration, this command must be run on both sites. The password for all other users are marked as "expired". This causes them to be re-encrypted using a compatible encryption type. The expired passwords are changed with an internally generated password. The administrator must change the passwords for all users before the users can login. The users are prompted to change their password upon login. This command disables the logging of unsuccessful login attempts. The command must be run by a user with the cluster admin role from a clustershell session on the console device. This user must be unlocked. If you fail to run this command, the revert process fails.

Parameters

-disable-feature-set <downgrade version> - Data ONTAP Version
This parameter specifies the Data ONTAP version that introduced the password feature set.

Examples

The following command disables the logging of unsuccessful login attempts.

         cluster1::*> security login password prepare-to-downgrade -disable-feature-set 8.3.1
         
         Warning: This command will disable the MOTD feature that prints unsuccessful login attempts.
         Do you want to continue? {y|n}: y

         cluster1::*>
         

The following command prompts system administrator to enter password and encrypt it with the hashing algorithm supported by releases earlier than Data ONTAP 9.0.

cluster1::*> security login password prepare-to-downgrade -disable-feature-set 9.0.0

        Warning: If your password is not encrypted with an encryption type supported by
                 releases earlier than Data ONTAP 9.0.0, this command will prompt you
                 for a new password and encrypt it using a supported encryption type on
		 each cluster or at each site in a MetroCluster configuration. In a 
		 MetroCluster configuration, this command must be run on both sites.
		 The password for all other users are marked as "expired" and
		 changed to an internally generated password. The administrator must change
		 the passwords for all users before the users can login. The users are
                 prompted to change their password upon login.
        Do you want to continue? {y|n}:
        
        Enter a new password:
        Enter it again:
        
        cluster1::*>