You can use the iinit command with the --ttl option to set a temporary password in your iRODS client.

That password is not intended to be shared or used in other clients. It is meant only for the environment where it was generated.

iinit -h --ttl
When using regular iRODS passwords you can use --ttl (Time To Live)
to request a credential (a temporary password) that will be valid
for only the number of hours you specify (up to a limit set by the
administrator).  This is more secure, as this temporary password
(not your permanent one) will be stored in the obfuscated
credential file (.irodsA) for use by the other iCommands.

When using PAM, iinit always generates a temporary iRODS password
for use by the other iCommands, using a time-limit set by the
administrator (usually a few days).  With the --ttl option, you can
specify how long this derived password will be valid, within the
limits set by the administrator.

The limit set by the administrator is configured in a server-side variable called pam_password_max_time.

The default value of pam_password_max_time is 1209600 seconds (14 days or 336 hours).

If you use PAM authentication and do not specify the --ttl option, you can assume that the local temporary password lasts 14 days.
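Because --ttl is given in hours while pam_password_max_time is in seconds, scripts that request short-lived credentials can get the units wrong. The shell helpers below are an added example, not part of the iRODS documentation or code: they check a requested TTL against the limit before calling iinit and estimate how long the stored credential has left. They assume the default limit stated above, GNU stat, a credential file at ~/.irods/.irodsA (or the path in IRODS_AUTHENTICATION_FILE), and that the file's modification time marks the last iinit; all function names are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks around `iinit --ttl` (not iRODS project code).
# Assumption: the server keeps the default pam_password_max_time (seconds);
# export PAM_PASSWORD_MAX_TIME to match what your administrator configured.
: "${PAM_PASSWORD_MAX_TIME:=1209600}"

# ttl_allowed HOURS
# Returns 0 if HOURS fits the limit, 1 if it exceeds it, 2 if it is not a
# plain positive integer (empty, zero, leading zero, sign or fraction).
ttl_allowed() {
    case "$1" in
        ''|0*|*[!0-9]*) return 2 ;;
    esac
    [ "${#1}" -le 6 ] || return 1      # far beyond any sane limit; avoids overflow
    [ $(( $1 * 3600 )) -le "$PAM_PASSWORD_MAX_TIME" ] || return 1
}

# hours_left ISSUED_EPOCH TTL_HOURS NOW_EPOCH
# Prints the whole hours of validity remaining (rounded down, 0 once expired).
hours_left() {
    left=$(( $1 + $2 * 3600 - $3 ))
    [ "$left" -gt 0 ] || left=0
    echo $(( left / 3600 ))
}

# irodsA_hours_left TTL_HOURS
# Assumptions: the credential file is at ~/.irods/.irodsA unless
# IRODS_AUTHENTICATION_FILE says otherwise, its mtime is the time of the last
# iinit, and GNU stat is available.
irodsA_hours_left() {
    f="${IRODS_AUTHENTICATION_FILE:-$HOME/.irods/.irodsA}"
    [ -f "$f" ] || { echo 0; return 1; }
    hours_left "$(stat -c %Y "$f")" "$1" "$(date +%s)"
}

# login_with_ttl HOURS
# Refuses an out-of-range request locally, then runs iinit (which prompts
# for the password).
login_with_ttl() {
    ttl_allowed "$1" || {
        echo "refusing --ttl $1: limit is $(( PAM_PASSWORD_MAX_TIME / 3600 )) hours" >&2
        return 1
    }
    iinit --ttl "$1"
}
```

A batch job can call irodsA_hours_left with the TTL it originally requested and re-authenticate when the result reaches 0, rather than failing mid-transfer on an expired temporary password.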

Please refer to the Known issues section to check the status of issues with this feature.
