Change user authentication and privacy keys dynamically.
pwchange [ -e ] [ -d DebugLevel ] [ -p Protocol ] [ -u KeyUsage ] [ -s ] [ OldPassword NewPassword ] [ IPAddress | HostName | EngineID ]
The pwchange command facilitates dynamic changes of user authentication and privacy keys. Authentication and privacy keys are configured dynamically by issuing set commands against objects of syntax keyChange. The keyChange syntax provides a way of changing keys without sending the actual keys (either new or old) across the wire, which would not be secure. Instead, if an object such as usmUserAuthKeyChange is to be set, the keyChange value must be derived from the old and new passwords and the engineID of the agent at which the key will be used. The pwchange command is used to generate the keyChange values.
The pwchange command generates different output, depending on which protocol and what key usage is selected. Keychange values are typically twice as long as the key to be changed.
Item | Description |
---|---|
-d DebugLevel | This flag indicates what level of debug information is desired. Debug tracing is either on or off: 1 causes debug tracing to be generated to the screen of the command issuer (sysout). Debug tracing is off (0) by default. |
-e | This flag indicates that the agent for which the keychange value is being defined is identified by engineID rather than by IP address or host name. |
-p Protocol | This flag indicates the protocols for which the keychange values should be generated. Valid values are: |
-s | This flag indicates that output should be displayed with additional spaces to improve readability. By default, data is displayed in a condensed format to facilitate cut-and-paste operations on the keychange values onto command lines in shell scripts. |
-u KeyUsage | This flag indicates the usage intended for the keychange value. Valid values are: |
Item | Description |
---|---|
EngineID | Specifies the engineID of the destination host at which the key is to be used. The engineID must be a string of 1-32 octets (2-64 hex digits). The default is that the agent identification is not an engineID. |
HostName | Specifies the destination host at which the key is to be used. |
IPAddress | Specifies an IPv4 or an IPv6 address of the agent at the destination host at which the key is to be used. |
NewPassword | Specifies the password that will be used in generating the new key. The password must be between eight and 255 characters long. |
OldPassword | Specifies the password that was used in generating the key originally. The password must be between eight and 255 characters long. |
Attention RBAC users and Trusted AIX® users: This command can perform privileged operations. Only privileged users can run privileged operations. For more information about authorizations and privileges, see Privileged Command Database in Security. For a list of privileges and the authorizations associated with this command, see the lssecattr command or the getcmdattr subcommand.
pwchange oldpassword newpassword 9.67.113.79
The output of this command looks similar to:
Dump of 32 byte HMAC-MD5 authKey keyChange value:
3eca6ff34b59010d262845210a401656
78dd9646e31e9f890480a233dbe1114d
The value to be set should be passed as a hex value with the clsnmp command (all on one line):
clsnmp set usmUserAuthKeyChange.12.0.0.0.2.0.0.0.0.9.67.113.79.2.117.49 \'3eca6ff34b59010d262845210a40165678dd9646e31e9f890480a233dbe1114d\'h
pwchange oldpassword newpassword 2000:1:1:1:209:6bff:feae:6d67
The output of this command looks similar to:
Dump of 32 byte HMAC-MD5 authKey keyChange value:
0000774adc53ba4b0427dc2f65568435
721847d1b5cb597daa85d003033afba3
The value to be set should be passed as a hex value with the clsnmp command (all on one line):
clsnmp set usmUserAuthKeyChange.21.128.0.0.2.2.32.0.0.1.0.1.0.1.2.9.107.255.254.174.109.103.6.105.112.118.54.117.49 \'36133c694155026620637761f835ef616de294f37f758c74ff1544ca3de279b8\'h
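The derivation described above (old password, new password and engineID in, keyChange value out) can be sketched as follows. This is an added example, not pwchange's own code: it follows the KeyChange textual convention and password-to-key algorithm of RFC 3414 for the HMAC-MD5 case, and the function names are hypothetical.

```python
import hashlib
import os

def localized_key(password, engine_id, algo="md5"):
    """Password to key, then localize to one engine (RFC 3414, A.2)."""
    pw = password.encode()
    if not 8 <= len(pw) <= 255:          # same limits pwchange documents
        raise ValueError("password must be 8 to 255 characters")
    reps, rem = divmod(1048576, len(pw))  # stretch to exactly 1 MiB
    ku = hashlib.new(algo, pw * reps + pw[:rem]).digest()
    return hashlib.new(algo, ku + engine_id + ku).digest()

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_keychange(old_key, new_key, algo="md5", random=None):
    """Requester side: random || (H(old_key || random) XOR new_key)."""
    if len(old_key) != len(new_key):
        raise ValueError("old and new keys must have the same length")
    if random is None:
        random = os.urandom(len(old_key))
    mask = hashlib.new(algo, old_key + random).digest()
    return random + _xor(mask, new_key)

def apply_keychange(old_key, keychange, algo="md5"):
    """Agent side: recover the new key from the keyChange value."""
    n = len(old_key)
    if len(keychange) != 2 * n:
        raise ValueError("keyChange must be twice the key length")
    random, delta = keychange[:n], keychange[n:]
    mask = hashlib.new(algo, old_key + random).digest()
    return _xor(mask, delta)

def demo():
    # Constructed input: engineID octets from the OID index in the first example
    engine_id = bytes([0, 0, 0, 2, 0, 0, 0, 0, 9, 67, 113, 79])
    old = localized_key("oldpassword", engine_id)
    new = localized_key("newpassword", engine_id)
    kc = make_keychange(old, new)
    return kc.hex(), apply_keychange(old, kc) == new

if __name__ == "__main__":
    value, recovered = demo()
    print(value, recovered)
```

The random half differs on every run, so the printed value will not match the dumps shown above. Only a party that already holds the old localized key can compute the mask and recover the new key, which is why neither key has to cross the wire.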