Identify user accounts that use SHA-2 hash function

Contributors Download PDF of this page

If you are reverting from ONTAP 9.1 or ONTAP 9.0 to ONTAP 8.3.x, SHA-2 account users can no longer be authenticated with their passwords. Before you revert, you should identify the user accounts that use the SHA-2 hash function, so that after reverting, you can have them reset their passwords to use the encryption type (MD5) that is supported by the release you revert to.

  1. Change to the privilege setting to advanced: set -privilege advanced

  2. Identify the user accounts that use the SHA-2 has function: security login show -vserver * -username * -application * -authentication-method password -hash-function !md5

  3. Retain the command output for use after the revert.

Note During the revert, you will be prompted to run the advanced command security login password-prepare-to-downgrade to reset your own password to use the MD5 hash function. If your password is not encrypted with MD5, the command prompts you for a new password and encrypts it with MD5, enabling your credential to be authenticated after the revert.