ACS Change Alfresco Admin Password

acs_pwd_md4_hash.py

#!/usr/bin/python3
import hashlib
import sys
import getpass

print("*************************************************************")
print("* Generate md4 password hash for alfresco content services  *")
print("*************************************************************")

# https://docs.python.org/3.8/library/getpass.html
input_pwd = getpass.getpass(prompt='Enter Password: ')

print("Hashing the password: '"+ input_pwd +"'") 

#hash = hashlib.new('md4', sys.argv[1].encode('utf-16le')).digest()
hash = hashlib.new('md4', input_pwd.encode('utf-16le')).digest()
print(bytes.hex(hash))

acs_pwd_md4_hash.sh

#!/bin/bash
echo "*************************************************************"
echo "* Generate md4 password hash for alfresco content services  *"
echo "*************************************************************"

echo -n "Enter Password: "
# Read user input
read -s input_password
echo ""
echo -e "MD4 Hashing the password:\n${input_password}"

# generate acs md4 hash
#echo -n "$input_password" | iconv -t utf16le | openssl md4 | cut -d ' ' -f 2
printf '%s' "${input_password}" | iconv -t utf16le | openssl md4 | cut -d ' ' -f 2

updateACSUserPasswordHash.sql

-- Documentation:
-- https://docs.alfresco.com/content-services/6.2/admin/security/#admin-password-in-default-authentication

-- Get PWD hash from a specific acs user
 SELECT anp1.node_id,
        anp1.qname_id,
        anp1.string_value
 FROM alf_node_properties anp1
    INNER JOIN alf_qname aq1 ON aq1.id = anp1.qname_id
    INNER JOIN alf_node_properties anp2 ON anp2.node_id = anp1.node_id
    INNER JOIN alf_qname aq2 ON aq2.id = anp2.qname_id
 WHERE aq1.local_name = 'password'
 AND aq2.local_name = 'username'
 AND anp2.string_value = 'admin'
 
 -- Change pwd hash value for specific acs user
 UPDATE alf_node_properties
  SET string_value='209c6174da490caeb422f3fa5a7ae634'
  WHERE
  node_id=4
  AND
  qname_id=10

How to change default admin password for Alfresco Content Services?

The official alfresco documentation for ACS 6.2.2
https://docs.alfresco.com/content-services/6.2/admin/security/#admin-password-in-default-authentication
explains that we can update or change the default admin password via SQL like

updateACSUserPasswordHash.sql

The way described works perfectly and it is also documented that the hash algorithm used can be specified via

# Preferred password encoding, md4, sha256, bcrypt10
system.preferred.password.encoding=md4

in the /tomcat/shared/classes/alfresco-global.properties

At the time of writing this article the alfresco documentation is missing the exact information how this password hash is generated and it does not mention that there is an second option to define a default admin password for initial acs setups.

The file
acs-6.2.2/web-server/webapps/alfresco/WEB-INF/lib/alfresco-repository-7.199.0/alfresco/repository.properties
tells us, that there are the following properties

# note: default admin username - should not be changed after installation
alfresco_user_store.adminusername=admin
# Initial password - editing this will not have any effect once the repository is installed
alfresco_user_store.adminpassword=209c6174da490caeb422f3fa5a7ae634

that can be overwritten via alfresco-global.properties for certain acs environments.

To change default admin password, generate a new hash value with either

Generate ACS MD4 Password Hash in bash:
acs_pwd_md4_hash.sh

Generate ACS MD4 Password Hash in Python3:
acs_pwd_md4_hash.py

and update the alfresco_user_store.adminpassword property in alfresco-global.properties

Note:
The alfresco_user_store.adminpassword is only set via first boot up (fresh DB init from ACS) and the way is perfect for CI environents which gets cleaned via ansible and wants to have a secure admin password after initialisation.
In case admin password was already set and you need to update the admin password string, using the provided SQL
updateACSUserPasswordHash.sql can be considered.

---

Special THX to @AFaust and @hi-ko for sharing the hash methods on official Alfresco Discord