Skip to content

cla passwd - Password encryption

cla passwd is a conversion tool for password encryption. It's also used in case we want to reset a password in the database directly for a given user.

It comprises 2 commands:

  • cla passwd - prints the encrypted password for a user, but does not change it in the database.

  • cla passwd-reset - works just like the cla passwd command, but changes it in the database.

Common Flags

  • -u : User name for which the password is to be encrypted is a required parameter and may be defined as an input parameter.
  • -p : Password to be encrypted. This parameter is optional. If not introduced, it can be typed into the console with a prompt.
  • -c : The config file is necessary when a secret key is not introduced.
  • --secret : If no config is supplied or if the config supplied doesn't have a secret: key entry, the secret encription key can be entered via the command line.

Optionally, a standard input pipe can be used to supply a password:

echo "secr3t" | cla passwd -u theuser -c theconfig

Setting a User's Password

Sometimes it's necessary to be able to reset a password for a user from the command-line. For instance if the administrator has lost its own password.

To reset a user's password, use the following command:

cla passwd-reset -u myuser -c myconfig
PASSWORD: [type the password here and hit ENTER]

It's necessary to specify a config environment so that the command can connect to the database to make the change.

Alternatively the password can be piped in or passed with the -p [password] flag, but that's not advised as it may leave traces in your shell history or be seen by other users in the same machine as a running process argument.