Skip to main content

security login expire-password

Contributors
Suggest changes

Expire user's password

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The security login expire-password command expires a specified user account password, forcing the user to change the password upon next login.

Parameters

-vserver <vserver name> - Vserver

This optionally specifies the Vserver to which the user account belongs.

-username <text> - Username

This specifies the user name of the account whose password you want to expire.

[-hash-function {sha512|sha256}] - Password Hash Function

This optionally specifies the password-hashing algorithm used for encrypting the passwords that you want to expire. The supported values include are as follows:

  • sha512 - Secure hash algorithm (512 bits)

  • sha256 - Secure hash algorithm (256 bits)

  • md5 - Message digest algorithm (128 bits)

[-lock-after <integer>] - Lock User Account After N days (privilege: advanced)

This optionally specifies the number of days after which the new password hash policy will be enforced. The enforcement will lock all user accounts that are still compliant with the provided hash alogrithm using -hash-function parameter.

Examples

The following command expires the password of the 'jdoe' user account which belongs to the 'vs1.netapp.com' Vserver.

cluster1::> security login expire-password -vserver vs1.netapp.com -username jdoe

The following command expires all user account passwords that are encrypted with the MD5 hash function.

cluster1::> security login expire-password -vserver * -username * -hash-function md5

The following command expires the password of any Vserver's user account named 'jdoe' that is encrypted with the MD5 hash function.

cluster1::> security login expire-password -vserver * -username jdoe -hash-function md5

The following command expires the password of the 'vs1.netapp.com' Vserver user account named 'jdoe' that is encrypted with the MD5 hash function.

cluster1::> security login expire-password -vserver vs1.netapp.com -username jdoe -hash-function md5

The following command expires all user account passwords that are encrypted with the MD5 hash function and enforce the new password hash policy after 180 days.

cluster1::> security login expire-password -vserver * -username * -hash-function md5 -lock-after 180