Changing the UI password in OH 3.0?

So I guess I created a user/password when I first connected to the UI in OH 3.0. However, I am now asked for it and have no idea what it is… I guess my password manager didn’t save it.

Is it possible to reset it, maybe over the openhab CLI? I can’t find docs for that, maybe because I really can’t find OH 3.0 specific docs either.

I tried to stop openhab, delete userdata/jsondb/users.json and restart, hoping to be prompted to create a new user, but the users.json file reappeared with a user and a password hash… So I’m locked out.

You should be able to work out how to do it using the Karaf console and using Google on what commands are needed. Seems the user details are kept in a file, not in the DB, from a quick look. Karaf is used by other projects, not just openHAB, so be sure to look more broadly than just on this forum. The V3 docs are still being written.

So Karaf is just a small container and if I connect to it (port 8101) I get to the openHAB console, and I don’t see any commands to manage users? I had tried already and that’s why I asked too. Nothing in help brings user or password in sight. Neither does openhab help in the Karaf console.

Does this thread help?

So I went down the Karaf rabbit hole and used the jaas commands (see security documentation):

openhab> jaas:realm-list
Index │ Realm Name │ Login Module Class Name
──────┼────────────┼───────────────────────────────────────────────────────────────
1     │ karaf      │ org.apache.karaf.jaas.modules.properties.PropertiesLoginModule
2     │ karaf      │ org.apache.karaf.jaas.modules.publickey.PublickeyLoginModule
3     │ karaf      │ org.apache.karaf.jaas.modules.audit.FileAuditLoginModule
4     │ karaf      │ org.apache.karaf.jaas.modules.audit.LogAuditLoginModule
5     │ karaf      │ org.apache.karaf.jaas.modules.audit.EventAdminAuditLoginModule
6     │ openhab    │ org.openhab.core.auth.jaas.internal.ManagedUserLoginModule
openhab> jaas:realm-manage --index 6
openhab> jaas:user-list
>
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab> jaas:user-delete openhab
openhab> jaas:user-add openhab ###########
openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab> jaas:update
openhab> 

And I can login now, but the UI doesn’t show any page. I used to have Things, Model, Items, Rules, etc. in the left pane. Now… I have nothing:

This may be because after the update, the user I added has a role of user and not administrator (despite what jaas:user-list returned after the add, see above):

openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼─────
openhab   │       │ user
openhab>

However I can’t find a jaas command to set the role. There are commands to add a role to a group, but the user wasn’t part of a group before I deleted it, or after I added it back.

Ok, there is a jaas:role-add command. This then worked (in addition to the previous deletion and re-add of the user openhab):

openhab> jaas:realm-manage --index 6
openhab> jaas:role-add openhab administrator
openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab   │       │ user
openhab> jaas:role-delete openhab user
openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab   │       │ user
openhab> jaas:role-delete openhab user
openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab   │       │ user
openhab> jaas:update
openhab> jaas:user-list
No JAAS Realm/Login Module has been selected
openhab> jaas:realm-manage --index 6
openhab> jaas:user-list
User Name │ Group │ Role
──────────┼───────┼──────────────
openhab   │       │ administrator
openhab>

Edited to mention that the jaas:role-add command was mentioned in the thread I just checked out from @hafniumzinc. Good lead!
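Added example, not part of the original posts: a small Python check that parses pasted `jaas:user-list` output and compares it with the roles you intended, which catches both the "role is user, not administrator" state and the "no realm selected" state seen above. The function names and the `EXPECTED` mapping are assumptions made for this illustration; the sample tables are copied from the console output in this thread.

```python
SEP = "│"  # column separator in the Karaf console tables quoted in this thread

def parse_user_list(text):
    """Turn pasted `jaas:user-list` output into {user name: set of roles}."""
    users = {}
    for line in text.splitlines():
        if SEP not in line or line.lstrip().startswith("User Name"):
            continue  # prompts, rule lines, the header row, error messages
        cols = [c.strip() for c in line.split(SEP)]
        if len(cols) != 3 or not cols[0]:
            continue
        name, _group, role = cols
        users.setdefault(name, set())
        if role:
            users[name].add(role)
    return users

def audit(actual, expected):
    """Return one finding per difference between actual and intended roles."""
    findings = []
    for name in sorted(set(actual) | set(expected)):
        have, want = actual.get(name), expected.get(name)
        if want is None:
            findings.append(f"{name}: unexpected account with roles {sorted(have)}")
        elif have is None:
            findings.append(f"{name}: account missing")
        else:
            findings += [f"{name}: missing role {r}" for r in sorted(want - have)]
            findings += [f"{name}: unexpected role {r}" for r in sorted(have - want)]
    return findings

# Intended end state (assumption for this example): one administrator account.
EXPECTED = {"openhab": {"administrator"}}

# Console output copied from the posts above.
AFTER_READD = "User Name │ Group │ Role\n──────────┼───────┼─────\nopenhab   │       │ user\n"
PENDING = ("User Name │ Group │ Role\n──────────┼───────┼──────────────\n"
           "openhab   │       │ administrator\nopenhab   │       │ user\n")
FINAL = ("User Name │ Group │ Role\n──────────┼───────┼──────────────\n"
         "openhab   │       │ administrator\n")
NO_REALM = "No JAAS Realm/Login Module has been selected\n"

if __name__ == "__main__":
    for label, out in [("after re-add", AFTER_READD), ("pending", PENDING),
                       ("final", FINAL), ("no realm", NO_REALM)]:
        print(label, audit(parse_user_list(out), EXPECTED) or "OK")
```
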

With recent snapshots you now have the more convenient openhab:users changePassword console command to change any user’s password, and since yesterday users can also change their own password from the profile page (link in the lower left corner of the UI) - but you have to type the old one so not applicable when you’ve forgotten it.


Great. I am using the openHAB Docker container from Docker Hub. How can I tell how recent that is and/or when it gets updated? The Dockerfile the page links to may not be updated every time, correct?

In the UI you have the build number in the Help & About page. You can then go to https://ci.openhab.org/job/openHAB3-Distribution/ to figure out when that particular build was made. AFAIK Docker images are updated for each new distribution build (as you can see it’s a downstream project in Jenkins).

Ok. So I am running build 1978, which is a week old (Oct 20). Looks like I have to pull new versions by hand:

$ sudo docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
openhab/openhab           3.0.0-snapshot      f31eccd5699b        6 days ago          621MB
linuxserver/code-server   latest              41cd8b566454        11 days ago         470MB
$ sudo docker pull openhab/openhab:3.0.0-snapshot
3.0.0-snapshot: Pulling from openhab/openhab
...
$ sudo docker images
REPOSITORY                TAG                 IMAGE ID            CREATED             SIZE
openhab/openhab           3.0.0-snapshot      285ae14ca058        9 hours ago         621MB
openhab/openhab           <none>              f31eccd5699b        6 days ago          621MB
linuxserver/code-server   latest              41cd8b566454        11 days ago         470MB
$ ssh -p 8101 openhab@localhost
openhab> openhab:users list
openhab (administrator)
openhab>

I guess that’s okay, so I can check a new version before committing to it.

I’m curious, why use jaas:realm... instead of openhab:users add <user> <pass> <role>? The latter allowed me to add a new user.
Just trying to learn more about the underlying systems. Thanks, Josh