Recover a locked Root User account

From FMR Knowledge Base
Revision as of 09:43, 19 January 2021 by Vmurrell (talk | contribs)
Jump to navigation Jump to search

Overview

If you need to reset the root password in Fusion Metadata Registry we supply a tool with the Registry that can help you do this and which does not require the Registry to be restarted. To perform this you will need:

  • A Java VM
  • Access to the database that is storing the settings for Fusion Registry

The process consists of 3 steps:

  1. Run the tool to generate a new password
  2. Apply the password to the Registry's database
  3. Ensure the password works

Running the Password Reset Tool

From a Command line run the Registry Resetter tool by issuing the command:

java -jar "password reset.jar"

The tool will respond with:

Please enter a new password, or press enter for a random password to be generated

So either type the new password you would like to use or press enter to have a random password generated. If you typed the new password as abcdefgh the tool will respond with:

your new password is: 'abcdefgh' and your new hash is: $2a$10$ASWui0vUQqbTXncVtijBjuNFB3voHv3mGGb.XsT5OnZ0FTARk.'

This hash now needs to be applied to the database.

Assigning the New Password Hash

The database that stores the settings for the Fusion Registry will contain a table called "registry_root_security". This table has a single row with the username of the root account and the hash for the password. The column "pwd" needs to be updated with the value from the password reset too. By way of example here is SQL to update a MySQL server with the new hash:

UPDATE `registry_root_security` SET pwd = '$2a$10$ASWui0vUQqbTXncVtijBjuNFB3voHv3mGGb.XsT5OnZ0FTARk.';

COMMIT;

Ensure that the Registry Accepts the new Password

Once the table has been updated, the credentials can be used. There is no need to restart the Fusion Registry.

Open a browser window and attempt to log in using the root credentials. If the new password doesn't work, please check the values entered into the table in the previous stage.

If you are still having trouble resetting the password, another technique is to modify the database so that when the Registry is restarted it returns to the Install Page. This process is described here.

If you know the password

To unlock it you will need access to the underlying database that stores all of the Registry information.

In the database there will be a table with the name 'registry_root_security'.

This table contains the following information about the root account: the username; the password (encrypted); the number of times a wrong password can be entered before the account is locked; whether or not the root account is locked.

To unlock a locked root user set the value of the column 'is_locked' to 0. There is no need to restart the Registry after this change, the root user is now unlocked.