How to reset webui password in chef 11


#1

as title

thanks


Peng Yong


#2

Hi,

Chef 11 works with PostgreSQL, not CouchDB anymore. As a result, one way to
achieve your obiective is to reset the user credentials inside postgres.

  1. log-on to chef-server

  2. as opscode-pgsql user, connecto to postgres database

  3. delete user admin on table osc_users

  4. create again user admin with a dump taken from an installation with a
    known password…
    (here is mine, for example, where password is ‘password’)

INSERT INTO osc_users (id, authz_id, username, email, public_key,
hashed_password, salt, hash_type, last_updated_by, created_at,
updated_at, external_authentication_uid, recovery_authentication_enabled,
admin) VALUES (‘00000000000029565f69f272397a0151’,
‘00000000000029565f69f272397a0151’, ‘admin’, NULL, ‘-----BEGIN PUBLIC
KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlLLAHijW6jxP2bHYDTo
Y/tXba4VLYc94Hc1ufTbsONSTYxQcD8IVeGDZOIowgZr59LvqVKQYig3b8Zeu5GH
SNlN+nxSXuvdmjxcOQ4EpCrG1j/RI0Yiysq9BKTkM4104xP6gVNo3x9rVzihT/lU
ycukAIGuiooWhBQwAjJ9FVynZEBi2ZvaCX81W6MUUyJDbIqRwlDBIXxIcFH8+ke2
EnNVXj3sOocI/Wij72IDSoJD4iPGbrssX7iQr9NL0dSk2KzXUWU+lzd2+4U0Tpex
IB6eCVhkpfyFNUmrjy4wWBEMRqjPU0G4rns4AH4Z9DyNjNBLYuZ1A9VKk7K5rtSd
FwIDAQAB
-----END PUBLIC KEY-----
’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5UunKG48gJz0pRV//RMy1osDxVbrb0On4W’,
’$2a$12$y31Wno2MKiGXS3FSgVg5Uu’, ‘erlang-bcrypt-0.5.0’,
‘00000000000029565f69f272397a0151’, ‘2013-02-14 13:17:31’, ‘2013-02-14
13:34:55’, NULL, false, true);

Ciao
Marco

On Sun, Mar 17, 2013 at 6:54 PM, 彭勇 ppyy@pubyun.com wrote:

as title

thanks


Peng Yong


Ing. Marco Betti
RHCE RHEL4 id 804006512121056


#3

thanks for your kindly help!

how can I generate the hashed password?

On Tuesday, March 19, 2013 at 4:31 PM, Marco Betti wrote:

Hi,

Chef 11 works with PostgreSQL, not CouchDB anymore. As a result, one way to achieve your obiective is to reset the user credentials inside postgres.

  1. log-on to chef-server

  2. as opscode-pgsql user, connecto to postgres database

  3. delete user admin on table osc_users

  4. create again user admin with a dump taken from an installation with a known password…
    (here is mine, for example, where password is ‘password’)

INSERT INTO osc_users (id, authz_id, username, email, public_key, hashed_password, salt, hash_type, last_updated_by, created_at,
updated_at, external_authentication_uid, recovery_authentication_enabled, admin) VALUES (‘00000000000029565f69f272397a0151’,
‘00000000000029565f69f272397a0151’, ‘admin’, NULL, ‘-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlLLAHijW6jxP2bHYDTo
Y/tXba4VLYc94Hc1ufTbsONSTYxQcD8IVeGDZOIowgZr59LvqVKQYig3b8Zeu5GH
SNlN+nxSXuvdmjxcOQ4EpCrG1j/RI0Yiysq9BKTkM4104xP6gVNo3x9rVzihT/lU
ycukAIGuiooWhBQwAjJ9FVynZEBi2ZvaCX81W6MUUyJDbIqRwlDBIXxIcFH8+ke2
EnNVXj3sOocI/Wij72IDSoJD4iPGbrssX7iQr9NL0dSk2KzXUWU+lzd2+4U0Tpex
IB6eCVhkpfyFNUmrjy4wWBEMRqjPU0G4rns4AH4Z9DyNjNBLYuZ1A9VKk7K5rtSd
FwIDAQAB
-----END PUBLIC KEY-----
’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5UunKG48gJz0pRV//RMy1osDxVbrb0On4W’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5Uu’, ‘erlang-bcrypt-0.5.0’,
‘00000000000029565f69f272397a0151’, ‘2013-02-14 13:17:31’, ‘2013-02-14 13:34:55’, NULL, false, true);

Ciao
Marco

On Sun, Mar 17, 2013 at 6:54 PM, 彭勇 <ppyy@pubyun.com (mailto:ppyy@pubyun.com)> wrote:

as title

thanks


Peng Yong


Ing. Marco Betti
RHCE RHEL4 id 804006512121056


#4

I haven’t investigated, I wouldn’t consider this to be “the way” to manage
webui password.
Looking at hash_type field I see “erlang-bcrypt-0.5.0”
(https://github.com/smarkets/erlang-bcrypt)

The workaround I found is really “quick and dirty”… we tried it when a
collegue lost its webui password on a local installation and… it worked
:wink:

If you copy and paste my example, password is ‘password’, after you can
change via webui obviously.

Ciao
Marco

On Tue, Mar 19, 2013 at 9:39 AM, Peng Yong ppyy@juyide.com wrote:

thanks for your kindly help!

how can I generate the hashed password?

On Tuesday, March 19, 2013 at 4:31 PM, Marco Betti wrote:

Hi,

Chef 11 works with PostgreSQL, not CouchDB anymore. As a result, one way
to achieve your obiective is to reset the user credentials inside postgres.

  1. log-on to chef-server

  2. as opscode-pgsql user, connecto to postgres database

  3. delete user admin on table osc_users

  4. create again user admin with a dump taken from an installation with a
    known password…
    (here is mine, for example, where password is ‘password’)

INSERT INTO osc_users (id, authz_id, username, email, public_key,
hashed_password, salt, hash_type, last_updated_by, created_at,
updated_at, external_authentication_uid, recovery_authentication_enabled,
admin) VALUES (‘00000000000029565f69f272397a0151’,
‘00000000000029565f69f272397a0151’, ‘admin’, NULL, ‘-----BEGIN PUBLIC
KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlLLAHijW6jxP2bHYDTo
Y/tXba4VLYc94Hc1ufTbsONSTYxQcD8IVeGDZOIowgZr59LvqVKQYig3b8Zeu5GH
SNlN+nxSXuvdmjxcOQ4EpCrG1j/RI0Yiysq9BKTkM4104xP6gVNo3x9rVzihT/lU
ycukAIGuiooWhBQwAjJ9FVynZEBi2ZvaCX81W6MUUyJDbIqRwlDBIXxIcFH8+ke2
EnNVXj3sOocI/Wij72IDSoJD4iPGbrssX7iQr9NL0dSk2KzXUWU+lzd2+4U0Tpex
IB6eCVhkpfyFNUmrjy4wWBEMRqjPU0G4rns4AH4Z9DyNjNBLYuZ1A9VKk7K5rtSd
FwIDAQAB
-----END PUBLIC KEY-----
’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5UunKG48gJz0pRV//RMy1osDxVbrb0On4W’,
’$2a$12$y31Wno2MKiGXS3FSgVg5Uu’, ‘erlang-bcrypt-0.5.0’,
‘00000000000029565f69f272397a0151’, ‘2013-02-14 13:17:31’, ‘2013-02-14
13:34:55’, NULL, false, true);

Ciao
Marco

On Sun, Mar 17, 2013 at 6:54 PM, 彭勇 ppyy@pubyun.com wrote:

as title

thanks


Peng Yong


Ing. Marco Betti
RHCE RHEL4 id 804006512121056


Ing. Marco Betti
RHCE RHEL4 id 804006512121056


#5

sudo -u opscode-pgsql /opt/chef-server/embedded/bin/psql opscode_chef

update osc_users set hashed_password = ‘$2a$12$y31Wno2MKiGXS3FSgVg5UunKG48gJz0pRV//RMy1osDxVbrb0On4W’ , salt =’$2a$12$y31Wno2MKiGXS3FSgVg5Uu’ where username =‘admin’;

and login with user ‘admin’ and password ‘password’, it works now.

thanks again


Peng Yong

On Tuesday, March 19, 2013 at 8:41 PM, Marco Betti wrote:

I haven’t investigated, I wouldn’t consider this to be “the way” to manage webui password.
Looking at hash_type field I see “erlang-bcrypt-0.5.0”
(https://github.com/smarkets/erlang-bcrypt)

The workaround I found is really “quick and dirty”… we tried it when a collegue lost its webui password on a local installation and… it worked :wink:

If you copy and paste my example, password is ‘password’, after you can change via webui obviously.

Ciao
Marco

On Tue, Mar 19, 2013 at 9:39 AM, Peng Yong <ppyy@juyide.com (mailto:ppyy@juyide.com)> wrote:

thanks for your kindly help!

how can I generate the hashed password?

On Tuesday, March 19, 2013 at 4:31 PM, Marco Betti wrote:

Hi,

Chef 11 works with PostgreSQL, not CouchDB anymore. As a result, one way to achieve your obiective is to reset the user credentials inside postgres.

  1. log-on to chef-server

  2. as opscode-pgsql user, connecto to postgres database

  3. delete user admin on table osc_users

  4. create again user admin with a dump taken from an installation with a known password…
    (here is mine, for example, where password is ‘password’)

INSERT INTO osc_users (id, authz_id, username, email, public_key, hashed_password, salt, hash_type, last_updated_by, created_at,
updated_at, external_authentication_uid, recovery_authentication_enabled, admin) VALUES (‘00000000000029565f69f272397a0151’,
‘00000000000029565f69f272397a0151’, ‘admin’, NULL, ‘-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlLLAHijW6jxP2bHYDTo
Y/tXba4VLYc94Hc1ufTbsONSTYxQcD8IVeGDZOIowgZr59LvqVKQYig3b8Zeu5GH
SNlN+nxSXuvdmjxcOQ4EpCrG1j/RI0Yiysq9BKTkM4104xP6gVNo3x9rVzihT/lU
ycukAIGuiooWhBQwAjJ9FVynZEBi2ZvaCX81W6MUUyJDbIqRwlDBIXxIcFH8+ke2
EnNVXj3sOocI/Wij72IDSoJD4iPGbrssX7iQr9NL0dSk2KzXUWU+lzd2+4U0Tpex
IB6eCVhkpfyFNUmrjy4wWBEMRqjPU0G4rns4AH4Z9DyNjNBLYuZ1A9VKk7K5rtSd
FwIDAQAB
-----END PUBLIC KEY-----
’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5UunKG48gJz0pRV//RMy1osDxVbrb0On4W’, ‘$2a$12$y31Wno2MKiGXS3FSgVg5Uu’, ‘erlang-bcrypt-0.5.0’,
‘00000000000029565f69f272397a0151’, ‘2013-02-14 13:17:31’, ‘2013-02-14 13:34:55’, NULL, false, true);

Ciao
Marco

On Sun, Mar 17, 2013 at 6:54 PM, 彭勇 <ppyy@pubyun.com (mailto:ppyy@pubyun.com)> wrote:

as title

thanks


Peng Yong


Ing. Marco Betti
RHCE RHEL4 id 804006512121056


Ing. Marco Betti
RHCE RHEL4 id 804006512121056