Unlock CO User

Command to unlock CO user.

The unlockCO command enables you to unlock a CO user account that has been locked after exceeding the maximum number of user attempts.

If a user account gets locked after exceeding the maximum number of attempts, you can reset their login attempt count to zero. However, if you try to unlock a user account that is not locked, the system displays an error.

Complete the following steps to unlock a CO user account:
  1. Get the challenges for the locked user by using the getChallenge command.
  2. Sign each challenge with the Partition Owner key.
    # openssl dgst -sha256 -sign /opc/oci/hsm/data/pkey-c -out challenge.sign0 challenge_node_0
    # openssl dgst -sha256 -sign /opc/oci/hsm/data/pkey-c -out challenge.sign1 challenge_node_1
    # openssl dgst -sha256 -sign /opc/oci/hsm/data/pkey-c -out challenge.sign2 challenge_node_2
  3. Create a template file like the one below, containing the paths to the signature files.
    {
       "Unlock CO signatures":{
          "Node 0":"/home/user/unlockCO/challenge.sign0",
          "Node 1":"/home/user/unlockCO/challenge.sign1",
          "Node 2":"/home/user/unlockCO/challenge.sign2"
       }
    }
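
Steps 2 and 3 as one script, added here as an example and not part of the product documentation: it signs each node's challenge, verifies the signature against the public half of the signing key, and only then writes the template with each signature under its own node. The function names, `po_pub.pem`, and the throwaway demo key and challenge contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# verify_sig <pubkey> <challenge> <signature>: exit 0 only if the signature matches.
verify_sig() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# build_template <private_key> <challenge_dir> <out_dir> <node_count>
# Signs challenge_node_<N>, checks each signature, writes <out_dir>/co_template.t.
build_template() {
    key=$1; chal_dir=$2; out_dir=$3; nodes=$4
    pub="$out_dir/po_pub.pem"; tmpl="$out_dir/co_template.t"   # po_pub.pem: assumed name
    openssl pkey -in "$key" -pubout -out "$pub" || return 1
    printf '{\n   "Unlock CO signatures":{\n' > "$tmpl.part"
    i=0
    while [ "$i" -lt "$nodes" ]; do
        chal="$chal_dir/challenge_node_$i"; sig="$out_dir/challenge.sign$i"
        [ -s "$chal" ] || { echo "node $i: challenge missing or empty" >&2; return 1; }
        openssl dgst -sha256 -sign "$key" -out "$sig" "$chal" || return 1
        # Never list a signature that does not verify against this node's challenge.
        verify_sig "$pub" "$chal" "$sig" || { echo "node $i: bad signature" >&2; return 1; }
        if [ "$i" -gt 0 ]; then printf ',\n' >> "$tmpl.part"; fi
        printf '      "Node %s":"%s"' "$i" "$sig" >> "$tmpl.part"
        i=$((i + 1))
    done
    printf '\n   }\n}\n' >> "$tmpl.part"
    # Install under the final name only after every node succeeded.
    mv "$tmpl.part" "$tmpl"
}

# demo: constructed input only (throwaway RSA key, made-up challenge bytes).
# Prints the working directory that holds the generated files.
demo() {
    work=$(mktemp -d) || return 1
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/pkey-demo" 2>/dev/null || return 1
    for n in 0 1 2; do
        printf 'constructed-challenge-%s' "$n" > "$work/challenge_node_$n"
    done
    build_template "$work/pkey-demo" "$work" "$work" 3 || return 1
    echo "$work"
}

demo_dir=$(demo) && cat "$demo_dir/co_template.t"
```

For a real unlock, call `build_template` with the Partition Owner key path and the directory holding the `challenge_node_<N>` files instead of running `demo`.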

Syntax

unlockCO <CO name> <TemplateFilePath>

| Parameter | Description |
|---|---|
| CO name | Name of the CO user to be unlocked. |
| TemplateFilePath | Path to the template file that contains the signature file paths. A sample template file can be obtained by running the command with a non-existent file path. |

Example

cloudmgmt>unlockUser cu_locked_user /home/user/unlockCO/co_template.t
*************************CAUTION********************************
This is a CRITICAL operation, should be done on all nodes in the
cluster. KMS server does NOT synchronize these changes with the
nodes on which this operation is not executed or failed, please
ensure this operation is executed on all nodes in the cluster.
****************************************************************
Do you want to continue(y/n)?y

UnlockUser cu_locked_user on 3 nodes
unlockUser success on server 0(<ip-address0>)
unlockUser success on server 0(<ip-address0>)
unlockUser success on server 0(<ip-address0>)