Changing secure passwords

User and administrator usernames and passwords are stored in salted hash forms in the root_install/conf/Users.xml file.
To change or reset a password, use one of the following methods:

• Administrator Console
  
• Command line
  
• Admin API

To reset a password using the Administrator Console:

1. Log in to the Administration Console as the server administrator.

2. Click Manage Users.
   
3. Select the user whose password you wish to change or reset.

4. Select ”Reset the password for this user.”
   
5. Enter the new password and select “Reset Password.”

Note: The default password policy specifies that the password must be at least eight characters. You can enable or disable this password policy using the PasswordPolicy element in the Users.xml file. By default the value of PasswordPolicy is true.

To turn off the password policy so that there is no minimum password length, update the Users.xml file with the following line:

<Root><PasswordPolicy enable="false"></PasswordPolicy></Root>

When you click Reset Password, the new password is written to the Users.xml file in the salted hash form. For this reason, the write access to the Users.xml configuration file should be monitored.

To reset a password from the command line:

On Linux

1. Open a command window.
2. Change directories to the Adobe Media Server installation directory:
   (default) /opt/adobe/ams
3. Stop Adobe Media Server and Adobe Media Administration Server.
4. Enter the following command:
   ./amsadmin -console -user <username>
5. Enter a minimum eight character password.

Alternatively, you can specify the password in the command line as follows:

./amsadmin -console -user <username> -password <password>

On Windows

1. Open a command window.
2. Change directories to the Adobe Media Server installation directory:
   (default) C:\Program Files\Adobe\Adobe Media Server 5
3. Stop Adobe Media Server and Adobe Media Administration Server.
4. Enter the following command:
amsadmin -console -user <username>
5. Enter a minimum eight character password.

Alternatively, you can specify the password in the command line as follows:

amsadmin -console -user <username> -password <password>

Note: The password is not exposed because terminal echo is off.

You can also call amsadmin in your script without displaying the password:

#!/bin/bash echo "Changing password" ./amsadmin -console -user admin -password `echo $1` echo "Password changed"

Here, the password to be set is given as the first parameter to the script.

You can use the changePswd() API to reset a password. Call the changePswd() API as follows:

RTMP/E
changePswd(admin_name:String, password:String [,scope:String]) : Object

HTTP
http://www.example.com:1111/admin/changePswd?auser=username&apswd=password&username=name &password=password[&scope=scope]

Parameters

admin_name A String indicating the name of the administrator whose password is being changed.

username A String indicating the name of the user whose password is being changed.

password A String indicating the administrator’s new password.

scope A String indicating whether the administrator is a server administrator or virtual host administrator, and for which virtual host. To change the password for the specified administrator on the virtual host to which you’re connected, omit this parameter. To change the password for the specified administrator on a different virtual host, specify adaptor_name/virtual_hostname. To change a server administrator’s password, specify server.

auser A String indicating the user name of the administrator.

apswd A String indicating the password of the administrator.

Returns

RTMP/E If the call succeeds, the server sends a reply information object with a level property of status and a code property of NetConnection.Call.Success. If the call fails, the server sends a reply information object with a level property of error and a code property of NetConnection.Admin.CommandFailed or a more specific value, if available. Some objects might also have a description property that contains a string describing the cause of the failure. If the specified administrator does not exist, this method fails.

HTTP A call returns XML with the following structure:

<result>
<level></level>
<code></code>
<timestamp></timestamp>
</result>

The XML elements contain the same information as the Object properties returned in an RTMP/E call.

Example

nc_admin = new NetConnection();
nc_admin.addEventListener(NetStatusEvent.NET_STATUS, onStatus);
nc_admin.connect("rtmp://localhost:1111/admin", "JLee", "x52z49ab");

function onStatus(event:NetStatusEvent):void{
   if(event.info.code==”NetConnection.Connect.Success){
/* Change password for server administrator named "ASilva" to "cbx5978y" */
   nc_admin.call("changePswd", new onChangePswd(), "ASilva", "cbx5978y", "server");

/* Change password for virtual host administrator "JLee" to "kbat3786" on */
/* virtual host "tree.oak.com" */
   nc_admin.call("changePswd", new onChangePswd(), "JLee", "kbat3786",
  "_defaultRoot_/tree.oak.com");
   }
}

Note: All the previously mentioned methods change the password for a specific user. The new password is encoded and then written to the Users.xml configuration file.

Virtual host administrators can only change their own password.

Secure passwords can be changed by using either the Administrator console, the command line utility, or the changePswd() Admin API.

Learn more about the Admin APIs here.

Learn more about using the Administrator console here.