Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Ugh, I was afraid you would say that.  Any chance this would be something that you all would entertain with an RFE/idea?  We've likely got a handful of appliances that, if we lost LDAP connectivity to, we would not be able to get back into.  Thanks Scott!

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Ugh, I was afraid you would say that.  Any chance this would be something that you all would entertain with an RFE/idea?  We've likely got a handful of appliances that, if we lost LDAP connectivity to, we would not be able to get back into.  Thanks Scott!

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

If the snapshot contains everything you need, would the following work ?

1. Take a snapshot and store it outside (media/network server)
2. Factory reset the appliance
3. Set the initial admin password
4. Restore the snapshot

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.

Yes but that would require a significant outage on the virtual appliances in question.  Virtual appliance builds are complicated and lengthy in the environments (without going into a lot of detail).  So we try to avoid them at all costs (hence why we have been moving more towards containerization).

One thing I did wonder, however, is that in the containers the admin password is now stored in the snapshot (I forget which v10 release this happened in).  This was done so that the admin password that is exposed via the container environment variable (and hence available to anyone with access to the container environment) is only used during the initial build of the configuration container.  I had wondered if this change of storing the admin password in the snapshot may have made it into the virtual appliances, since the codebases are similar.  I assume not, however, but honestly I haven't tried to take a snapshot, change the admin password, and restore the snapshot to see if the password changes back in newer versions.

If the snapshot contains everything you need, would the following work ?

1. Take a snapshot and store it outside (media/network server)
2. Factory reset the appliance
3. Set the initial admin password
4. Restore the snapshot

Hjacking an old thread...  Does anyone know if this has changed in the several years ISVA has matured?  If the admin@local on a virtual appliance is lost, but we can still login as a global administrator user (either via LDAP authentication or via local user account), is it possible to update the local administrator password using admin_cfg or other REST API call?  Thanks!

Hi Joao,

*** Edited to correct original answer ***

There is no "backdoor" for changing the Admin password without knowing the existing password. .  The admin user is an operating system user in the underlying Linux platform and so you need to have the current password in order to change it.  There is no access to root user that could perform a password reset.

The only option is to rebuild the VM.  If you have a snapshot from the system, you can also potentially restore this to a new appliance. This is because the admin pw is not part of the snapshot so the password from the newly build appliance will remain. 

https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.7/com.ibm.isam.doc/admin/task/alps_managing_snapshots.html

Jon.