Allowing users to change their own passwords
System administrators can enable the new Cluster Password (clpasswd) utility.
This utility, when enabled, links to the AIX® system password utility to:
- Let system administrators authorize specified users to change their password across cluster nodes
- Let authorized users change their own password across a resource
group or cluster (as configured), rather than having to change their
password on each node in the cluster.
This means that the user's AIX system password is the same on the set of nodes specified.
Note: The security of the password propagated to other nodes is only as secure as the network used to distribute the password.
Depending on the configuration of the Cluster Password utility, it lets users change their password using either:
- C-SPOC
- clpasswd command.
Both of these call the AIX passwd command. The clpasswd command uses the same arguments as the passwd command. For more information about the clpasswd command, see its man page.
The following table shows where a user's password is changed based on the user's authorization, the password utility that is active, and the command executed:
| User authorization | When the system password utility is linked to clpasswd and the AIX passwd command is run | When the system password utility is active (not linked to clpasswd) | |
|---|---|---|---|
| The AIX passwd command is run | The PowerHA® SystemMirror® clpasswd command is run | ||
| The user authorized to change password across cluster | The password is changed on all cluster nodes. | The password is changed only on the local node. | The password is changed on all cluster nodes. |
| The user is not authorized to change password across cluster | The password is changed only on the local node. | The password is changed only on the local node. | The password is not changed. |