ACA Blog

ACA Blog


November 2019
M T W T F S S
« Oct    
 123
45678910
11121314151617
18192021222324
252627282930  

Categories


Recovering an admin password in Liferay

Thomas MettenThomas Metten

The awkward moment when your login credentials do not work when you quickly need to make some changes, the embarrassment of not remembering the only administrator login when your colleague needs them. Your administrator credentials are lost. It has probably happened to quite a few of us. This can be very problematic when dealing with the credentials of the default administrator account in Liferay. This account, also known as test@liferay.com is often used on test and development Liferay installations. Losing the credentials for this account usually means losing all control over Liferay on these installations.

You should have documented these credentials somewhere! (Random developer)

Should have, could have… but didn’t. It is indeed true that maintaining complete and correct documentation can prevent these kind of situations. Having a project wiki helps tremendously in managing all the important information that needs to be shared. However, I am not writing this blog post to divulge all pro’s and con’s of a wiki to you. Our password is lost and we want it back, right now! Don’t panic. Besides of trying to get a hold of someone who does know the password or even installing a new Liferay, there are 2 fairly simple and straightforward methods to regain control over your account. Both however, depend on having access to Liferay’s database, so hopefully you are at least still able to log in to the database.

Screen Shot 2016-01-05 at 12.25.29

The first method is to use Liferay’s built-in passwordEncrypted flag:

  1. Go to the user_ table in the database.
  2. Find the user you want to gain access to.
  3. Set the password_ field to some plain text password.
  4. Set the passwordEncrypted field to 0.
  5. Set the passwordReset field to 1.
  6. Restart Liferay!
  7. Log in.

This will allow you to log in once with your own set password. Liferay will ask you to set a new password and that’s all. You have succesfully regained control! Your password will automatically become encrypted again in the database, so no need to worry about that.

The second method is a bit more crude and relies on having a second Liferay instance at hand, but it works just as well:

  1. Go to the user_ table from the second instance, and copy the encrypted password of a user you know the password of.
  2. Paste this password into the problematic user’s password_ field of the user_ table from the initial Liferay instance.
  3. Restart Liferay!
  4. Log in.

And again, great success! This method could be useful when there’s unauthorized eyes spying on you. Never will a password be visible in plain text.