CODEWITHSUNDEEP
neo4jauthorization
zxz
zxz

Reputation: 1032

How to configure user and password for neo4j cluster without REST API

The version I use is neo4j-enterprise-2.2.0-M02

My question is : How can I configure a user (like add a new user, change the password ,etc) in backend or browser, instead of REST API? Can I do it via neo4j-shell? imagine that I am a DBA, it is not very convenient to do this by REST API.

Any help will be greatly appreciated!

Upvotes: 38

Views: 54090

Answers (11)

Muhammad Adel
Muhammad Adel

Reputation: 1

If you remember the old password, you can do the following by visiting http://localhost:7474/browser/:

:server change-password

If not and you are authenticated, run the following command:

ALTER USER neo4j SET PASSWORD 'New-Passowrd'

Upvotes: 0

Nate Anderson
Nate Anderson

Reputation: 21064

Note, I'm using neo4jDesktop for WIndows. As other answers suggest, I tried :server change-password command, but it didn't work.

:server change-password prompts me for existing password and new password. I don't know the existing password, I thought it would be the default neo4j, but that value didn't work (does anyone know why?1)

I was able to use the Neo4J browser (in which I was already authenticated?) and run the below ALTER USER command. Note it does not ask for my current password. (It will error if you provide a new password that is <8 characters long). This command is described on the neo4j website for password recovery for admins

ALTER USER neo4j SET PASSWORD 'neo4j-password'

Note I did not disable authentication in order to run the above command, as suggested on the neo4j site (which they recommend you undo afterwards, see "post-recovery")

I know this answer is many years late, but I don't see another answer like it; I'm posting this here in case it helps other people like me, (i.e. if you don't know the current password)

1 Why was my default password neo4j not working? Maybe I missed the step in Neo4j Desktop installation which prompts me to choose a new/non-default password?

screenshot of neo4j browser, :server change-password command did not work because I didn't get existing password correct. ALTER USER command works, it does not ask me for existing password

Upvotes: 0

Robin
Robin

Reputation: 1736

On Neo4j 4.0+, you can run:

$ cypher-shell

If it's the first time you connect, you can enter neo4j as user and password and you will be prompted to set a new password.

If you want to change the password afterwards, you can write in the Cypher shell:

:server change-password

Upvotes: 0

Urmay Shah
Urmay Shah

Reputation: 181

If you want to reset the password and you dont know the old password : then for Windows user go to this path:

C:\Users\xyz\Documents\Neo4j\default.graphdb\dbms

and delete that auth file. Restart the neo4j they will again ask to set the username and password!! by default username:neo4j password:neo4j

Upvotes: 2

Bunni H
Bunni H

Reputation: 41

To elaborate on felipe's response (since I do not have enough rep points to comment): I stopped the server, I deleted the auth files in BOTH:

  • DBROOT\data\auth
  • DBROOT\dbms\auth

Restarted the server, and connected to it via the localhost:7474, used the default username/password (neo4j/neo4j) and then it prompted me for a new password.

Upvotes: 1

felipe
felipe

Reputation: 1079

For Mac users, version 2.3.1 of Neo4J, best way to reset credentials is to remove the file with credential information and start the service again.

Steps to follow

  1. Find where the file that contains credentials is located from the browser console (localhost:7474). Go to Star (Favourites)->System->Server configuration
  2. Search for dbms.security.auth_store.location property to see where it points to. In my case it was /Users/felipe/Documents/Neo4j/default.graphdb/./dbms/auth
  3. Delete that file.
  4. Start the service again and go to the console again (localhost:7474).

By default you will be asked to set the password for the user neo4j.

I hope it helps.

Upvotes: 1

Brent Barbata
Brent Barbata

Reputation: 3641

Although still utilizing the REST API, I'll throw the cURL option out there to anyone who doesn't have access to a web browser (AWS instance, for example):

$ curl -H "Content-Type: application/json" -X POST -d '{"password":"WHATEVER THE PASSWORD IS"}' -u neo4j:neo4j http://localhost:7474/user/neo4j/password

Upvotes: 57

Jason McVetta
Jason McVetta

Reputation: 1409

A fresh install of Neo4j 2.2.x has a user 'neo4j', with an initial password 'neo4j'. You are required to change the password before you can do anything.

It's easy to do this from the command line, by calling httpie to interact with the REST API. For example, to set a new password of 'foobar', run this command:

http -a neo4j:neo4j POST http://localhost:7474/user/neo4j/password password=foobar

Upvotes: 5

J.J
J.J

Reputation: 3607

Another option is to modify the auth file directly and restart neo. Doing this, you can even change the username!

Run

find / -name dbms

For me this gave one hit:

/var/lib/neo4j/data/dbms/auth

Save this code as build_auth_string.sh:

#!/bin/bash

DEFAULT_IFS="$IFS"
SALT_LEN=32

# either read from stdin or use the argument
if [ -z "$1" ]; then
  read INPUT
else
  INPUT="$1"
fi

if [ -z "$INPUT" ]; then
 echo "correct format <uname:pass>"
 exit
fi

IFS=':'
read -a UNAME_PASS <<< "$INPUT"

UNAME="${UNAME_PASS[0]}"
PASS="${UNAME_PASS[1]}"

# representing the password in hex format like \xAB\x0C etc
# HEX_PASS=$(echo -n $PASS | xxd -p | awk '{print toupper($1);}' | sed -r 's/(.{2})/\\x\1/g')
HEX_PASS=$(echo -n $PASS | hexdump -v -e '"\\\x" 1/1 "%02X"')
# echo $HEX_PASS


# create the salt and store it in hex format
SALT=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w $SALT_LEN | head -n 1)
# SALT="28FD26AD92D6D2D8820E969F3F3732B4"
HEX_SALT=$(echo -n $SALT | sed -r 's/(.{2})/\\x\1/g')


# calculate the sha256 sum of the salt and password value
# need to split the output because the output ends with a hyphen
IFS=' '
read -a PASSWORD_HASH_ARRAY <<< $(printf $HEX_SALT$HEX_PASS | sha256sum)
PASSWORD_HASH="${PASSWORD_HASH_ARRAY[0]}"

# echo "$UNAME;$PASS;$SALT"
# echo "$PASSWORD_HASH"

# and print out the auth string
COMBINED=$(echo -n "$PASSWORD_HASH,$SALT" | awk '{print toupper($1);}')
echo "$UNAME:SHA-256,$COMBINED:"

IFS="$DEFAULT_IFS"

The code for the above came from https://github.com/artsince/docker-neo4j-auth/blob/master/build_auth_string.sh - im posting it here just encase..

And then just run the above script like

build_auth_string.sh myUsername:myP@ssw0rd

Copy/paste that into your auth file replacing whatever was there before, and restart neo4j :)

Upvotes: 10

subvertallchris
subvertallchris

Reputation: 5472

You can use the browser instead of the API. Just go to http://localhost:7474 (or whatever IP to which the web console is bound) and you will be prompted to change the password. Once authenticated, use the command :server change-password to change the password again.

It is not yet possible to create multiple user accounts within the system.

You can use the command :help server to see available authentication commands.

Upvotes: 64

Stefan Armbruster
Stefan Armbruster

Reputation: 39915

Currently it's not possible to configure authorization using neo4j-shell. As you've mentioned the REST API is the way to go. Using a convenient REST client this is very easy.

My tools of choice is either postman (a plugin for chrome browser) or httpie for the command line. E.g. with httpie changing the password for a user is as simple as:

 http localhost:7474/user/neo4j/password password=neo4j new_password=mypass

Be aware that password (and other authorization settings) are not automatically distributed in a cluster, see the manual how to copy over settings between instances.

Upvotes: 1

Related Questions