Use the CollectionSpace API to change the password of immutable accounts like the default administrator and reader accounts. Here are instructions for one way to do this.
Base 64 encode your new password
First, encode your new password as a base 64 string. You can do this on Linux using the base64 utility. For example:
$ echo 'This is the password' | base64 VGhpcyBpcyB0aGUgcGFzc3dvcmQK
Create a file with the XML update payload
Next, you'll need to create the XML payload for the API and include the new base 64 encoded password. It should look something like this:
<ns2:accounts_common xmlns:ns2="http://collectionspace.org/services/account"> <userId>admin@core.collectionspace.org</userId> <password>VGhpcyBpcyB0aGUgcGFzc3dvcmQK</password> </ns2:accounts_common>
Copy this XML to a file named something like: myAccountUpdate.xml
Get the account's CSID
Next, you'll need to get the CSID (CollectionSpace ID) of the account whose password you want to change. You can use a browser and a URL endpoint like this to get the CSID:
http://core.collectionspace.org:8180/cspace-services/accounts
Make an HTTP request
Once you have the account's CSID, you can make an HTTP PUT request that looks something like this:
curl -X POST http://${domain}:8180/cspace-services/accounts/${csid} -i -u ${user}:${password} -H "Content-Type: application/xml" -T ${file}
${domain} - something like "core.collectionspace.org"
${csid} - CSID of the account
${user} - CollectionSpace username that has permissions to make changes to Accounts resources
${password} - The password for the ${user} account above.
${file} - The XML payload file containing the new password
For example, here is what an actual request might look like:
curl -X PUT http://core.collectionspace.org:8180/cspace-services/accounts/820b9795-fa4b-4142-9b61-e0f9de577d8f -i -u admin@core.collectionspace.org:Administrator -H "Content-Type: application/xml" -T myAccountUpdate.xml
The output of a successful API request will look something like this:
HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Cache-Control: no-cache, no-store, max-age=0, must-revalidate Pragma: no-cache Expires: 0 X-XSS-Protection: 1; mode=block X-Frame-Options: DENY X-Content-Type-Options: nosniff Content-Type: application/xml Content-Length: 555
Verify the new password
Voila! The account has a new password. You can test it by trying to login to the UI.