security login expire-password
Expire user's password
Availability: This command is available to cluster administrators at the admin privilege level.
Description
The security login expire-password
command expires a specified user account password, forcing the user to change the password upon next login.
Parameters
-vserver <vserver name>
- Vserver-
This optionally specifies the Vserver to which the user account belongs.
-username <text>
- Username-
This specifies the user name of the account whose password you want to expire.
[-hash-function {sha512|sha256}]
- Password Hash Function-
This optionally specifies the password-hashing algorithm used for encrypting the passwords that you want to expire. The supported values include are as follows:
-
sha512 - Secure hash algorithm (512 bits)
-
sha256 - Secure hash algorithm (256 bits)
-
md5 - Message digest algorithm (128 bits)
-
[-lock-after <integer>]
- Lock User Account After N days (privilege: advanced)-
This optionally specifies the number of days after which the new password hash policy will be enforced. The enforcement will lock all user accounts that are still compliant with the provided hash alogrithm using
-hash-function
parameter.
Examples
The following command expires the password of the 'jdoe' user account which belongs to the 'vs1.netapp.com' Vserver.
cluster1::> security login expire-password -vserver vs1.netapp.com -username jdoe
The following command expires all user account passwords that are encrypted with the MD5 hash function.
cluster1::> security login expire-password -vserver * -username * -hash-function md5
The following command expires the password of any Vserver's user account named 'jdoe' that is encrypted with the MD5 hash function.
cluster1::> security login expire-password -vserver * -username jdoe -hash-function md5
The following command expires the password of the 'vs1.netapp.com' Vserver user account named 'jdoe' that is encrypted with the MD5 hash function.
cluster1::> security login expire-password -vserver vs1.netapp.com -username jdoe -hash-function md5
The following command expires all user account passwords that are encrypted with the MD5 hash function and enforce the new password hash policy after 180 days.
cluster1::> security login expire-password -vserver * -username * -hash-function md5 -lock-after 180