0
120
Question Jani Hurskainen · Nov 18, 2024

Configuration Merge: CreateUser action with password fails

#InterSystems IRIS for Health

The following CPF entry:

[Actions]
CreateUser:Name=foobar,Roles=%All,Password=loremipsumdolorsitamet1234,FullName=Foo Bar,ChangePassword=1,Enabled=1,Comment=Testing testing,AccountNeverExpires=1,PasswordNeverExpires=1

Fails with an error:

ERROR #506: Invalid property error at line 19, 'Password=loremipsumdolorsitamet1234', Class Security.Users, Error=<CANNOT SET THIS PROPERTY>zPasswordSet+3^Security.Users.1

A bug or a feature or a stupid user error? The documentation says nothing about the limitations:

Password - InterSystems IRIS Authentication password for the user in clear text.  

And doing the same with ##class(Security.Users).Create() just works.

(I'm currently running CE container but that should make no difference here, right?)

Product version: IRIS 2022.1
$ZV: IRIS for UNIX (Ubuntu Server LTS for x86-64 Containers) 2022.1.5 (Build 940U) Thu Apr 18 2024 14:31:01 EDT
Discussion (3)0
Log in or sign up to continue

Comments

Alexander Koblov · Nov 19, 2024

I wonder if this is an error in the documentation, and you rather should use PasswordExternal property, that is for specifying clear text password

Tani's comment below is of course correct -- it's always a bad idea to put passwords in the plaintext

0
Tani Frankel · Nov 19, 2024

I believe you need to use PasswordHash, see for example from Docs:

[Actions]

CreateUser:Name=SQLAdmin,
  PasswordHash="cec6638a357e7586fddfb15c0e7dd5719a1964e774cd37466fb0c49c05,
  323cb89148c887166dd2be61c107710539af2c01b43f07dccc8d030ac2c1a8cf7c5ace4a00d57e3780f,10000,SHA512",
  Roles="%SQL,%DB_USER"

Re PasswordHash see more details in the related Docs. For example:

$ docker run --rm -it containers.intersystems.com/intersystems/passwordhash:1.1 -algorithm SHA512 -workfactor 10000
Enter password:
Enter password again:
PasswordHash=0fad6b1a565e04efb5fe9259da8457456883e0a3a42c1a34acec49cbbc1fb8c4c40f1846559ce180c103898db836,dd0874dc346d23679ed1b49dd9f48baae82b9062,10000,SHA512
0