Skip to main content

PasswordHash

Set the default password for the predefined user accounts using a cryptographic hash of the password and its salt.

Synopsis

[Startup]    PasswordHash=a,b

a is a hashed password. b is salt.

Description

PasswordHash specifies a hashed password and the salt for the password to replace the default password of the predefined user acounts (SYS). Upon InterSystems IRIS® data platform startup, the stored password hash is set to the one specified in PasswordHash for each of the predefined accounts except CSPUser.

Important:

This parameter is intended primarily for use in deployment. It can be used just once on any given InterSystems IRIS instance, and only if the default password has not yet been changed for any of the predefined accounts.

Because allowing the default password to remain unchanged following deployment is a serious security risk, PasswordHash should be used in a configuration merge operation to change the default password during deployment and not later. (For information on how to change an individual user’s password, see Edit an Existing User Account in the Authorization Guide.)

Because a single password shared among the predefined accounts is a security risk, following deployment in which the default password has been changed using PasswordHash, you should log into each of the predefined accounts and change the password to a value specific to that account.

Note:

Blank passwords cannot be used with the PasswordHash setting.

Example

For details about hashing a password, an example of using PasswordHash when deploying a container, and information about the passwordhash nanocontainer provided by InterSystems that converts a plain-text password to the values required when using PasswordHash, see Authentication and Passwords in Running InterSystems Products in Containers.

Changing This Parameter

On the Startup page of the Management Portal (System Administration > Configuration > Additional Settings > Startup), in the PasswordHash row, select Edit. Paste in the hash and salt for your password.

Instead of using the Management Portal, you can change PasswordHash in the Config.Startup class (as described in the class reference) or by editing the CPF in a text editor (as described in the Editing the Active CPF section of the “Introduction to the Configuration Parameter File” chapter in this book).

See Also

Feedback