This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Possible to update password on a user by uploading a new config?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Palo Alto Networks Approved
Palo Alto Networks Approved
Community Expert Verified
Community Expert Verified

Possible to update password on a user by uploading a new config?

Go to solution
ThomasEikeland
L1 Bithead

‎12-05-2022 12:14 AM

Hi, i am new to palo alto and firewalls really. I have been tasked to be able to make a script which automatically can change the password on a palo alto firewall. Is it possible to do this by creating a new config file with a new password and then upload to the firewall?

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
BPry
Cyber Elite
Cyber Elite

‎12-05-2022 09:03 AM

@ThomasEikeland,

The problem that you'll run into isn't that it isn't possible, but that the passwords are hashed in the configuration and stored as a phash value. That being said, as long as you know what to set the phash value to, modifying it and uploading the configuration and committing it via the API isn't a problem at all.

The thing that you'll have to be mindful of is that your API account that you're using is something you wouldn't want to upgrade the password to. This will invalidate your keys, and you'd have to go back through and re-generate them with the new password. This is something you can easily work around and even automate updating through something like Vault, but it's good to be mindful of the consequences of rotating those credentials. 

 

View solution in original post

(1)
2 REPLIES 2

Go to solution
BPry
Cyber Elite
Cyber Elite

‎12-05-2022 09:03 AM

@ThomasEikeland,

The problem that you'll run into isn't that it isn't possible, but that the passwords are hashed in the configuration and stored as a phash value. That being said, as long as you know what to set the phash value to, modifying it and uploading the configuration and committing it via the API isn't a problem at all.

The thing that you'll have to be mindful of is that your API account that you're using is something you wouldn't want to upgrade the password to. This will invalidate your keys, and you'd have to go back through and re-generate them with the new password. This is something you can easily work around and even automate updating through something like Vault, but it's good to be mindful of the consequences of rotating those credentials. 

 

(1)

Go to solution
ThomasEikeland
L1 Bithead
In response to BPry

‎12-06-2022 04:17 AM

Thank you!

 

0 Likes Likes
  • 1 accepted solution
  • 1281 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks