Here is a method you can use to reset a lost VIO padmin password from the HMC with zero downtime on the VIO server. This is a somewhat involved process, but much easier than having to take a downtime on the VIO server to change the password. This is a very challenging task because the viosvrcmd HMC command doesn't allow the command run on the VIO server to have a pipe ("|"), or any redirection ("<", ">") and doesn't allow for interactive input. So this rules out using something like "chpasswd" to change the password.
Step 1: Find the current padmin password hash.
From the HMC, type (change "-m p520 -p vio1" to your managed system / VIO server names):
command=`printf "oem_setup_env\ncat /etc/security/passwd"`; viosvrcmd -m p520 -p vio1 -c "$command"
Look for the padmin stanza and its password hash:
padmin:
password = TRl01MDd3QnVw
lastupdate = 1352950198
Step 2: Generate a new password hash.
From a different AIX server that has openssh/openssl installed, type "openssl passwd" and type in the new password that you want to assign to the padmin account. Openssl will generate the password hash and display it on the screen.
# openssl passwd
Password:
Verifying - Password:
OSdD0E9SQYE.E
Step 3: Replace the VIO padmin's password hash with the new password hash from the HMC using viosvrcmd/perl.
Use a command similar to this from the HMC:
command=`printf "oem_setup_env\nperl -pi -e 's/<OLD_HASH>/<NEW_HASH>/' /etc/security/passwd"`; viosvrcmd -m p520 -p vio1 -c "$command"
In our example, it would be (make sure to change "-m p520 -p vio1" to your managed system / VIO names)
command=`printf "oem_setup_env\nperl -pi -e 's/TRl01MDd3QnVw/OSdD0E9SQYE.E/' /etc/security/passwd"`; viosvrcmd -m p520 -p vio1 -c "$command"
Step 4: Optionally reset padmin failed login count.
If you need to reset the failed login count, run this command from the HMC (make sure to change "-m p520 -p vio1" to your managed system / VIO name):
command=`printf "oem_setup_env\nchsec -f /etc/security/lastlog -a unsuccessful_login_count=0 -s padmin"`; viosvrcmd -m p520 -p vio1 -c "$command"
Update: If the old or new password hash has a slash in it ("/"), then the perl line above needs to be changed. Instead, use a different delimiter such as a comma:
command=`printf "oem_setup_env\nperl -pi -e 's,<OLD_HASH>,<NEW_HASH>,' /etc/security/passwd"`; viosvrcmd -m p520 -p vio1 -c "$command"
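The substitution from Step 3 combined with the delimiter rule from the update, as an added example that is not part of the original post: a shell helper that validates both hashes, always uses the comma delimiter, and prints the HMC command line for review without running it. It assumes 13-character crypt-style hashes like the ones shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumes 13-character crypt-style hashes ([./0-9A-Za-z]) as shown on this page.

# Succeeds only if $1 looks like such a hash.
is_crypt_hash() {
    case "$1" in
        *[!./0-9A-Za-z]*) return 1 ;;
    esac
    [ "${#1}" -eq 13 ]
}

# Prints s,<OLD>,<NEW>, for perl. Each "." in the old hash becomes [.] so it
# matches a literal dot without a backslash; "," cannot occur in either hash.
build_perl_expr() {
    old=$1
    new=$2
    is_crypt_hash "$old" || { echo "old hash: unexpected format" >&2; return 1; }
    is_crypt_hash "$new" || { echo "new hash: unexpected format" >&2; return 1; }
    old_re=$(printf '%s' "$old" | sed 's/[.]/[.]/g')
    printf 's,%s,%s,' "$old_re" "$new"
}

# Prints the HMC command line for review; nothing is executed on the HMC.
# $1 = managed system, $2 = VIO server, $3 = old hash, $4 = new hash.
build_hmc_command() {
    for name in "$1" "$2"; do
        case "$name" in
            ''|*[!A-Za-z0-9_.-]*) echo "unexpected system/VIO name" >&2; return 1 ;;
        esac
    done
    pexpr=$(build_perl_expr "$3" "$4") || return 1
    q="'"
    printf 'command=`printf "oem_setup_env\\nperl -pi -e %s%s%s /etc/security/passwd"`; ' "$q" "$pexpr" "$q"
    printf 'viosvrcmd -m %s -p %s -c "$command"\n' "$1" "$2"
}

# Values from the example on this page.
build_hmc_command p520 vio1 TRl01MDd3QnVw OSdD0E9SQYE.E
```

Rejecting anything outside the expected hash alphabet also keeps pipe and redirection characters, which viosvrcmd refuses, out of the generated command.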