The version I use is neo4j-enterprise-2.2.0-M02

My question is : How can I configure a user (like add a new user, change the password ,etc) in backend or browser, instead of REST API? Can I do it via neo4j-shell? imagine that I am a DBA, it is not very convenient to do this by REST API.

Any help will be greatly appreciated!

You can use the browser instead of the API. Just go to http://localhost:7474 (or whatever IP to which the web console is bound) and you will be prompted to change the password. Once authenticated, use the command :server change-password to change the password again.

It is not yet possible to create multiple user accounts within the system.

You can use the command :help server to see available authentication commands.

Although still utilizing the REST API, I'll throw the cURL option out there to anyone who doesn't have access to a web browser (AWS instance, for example):

$ curl -H "Content-Type: application/json" -X POST -d '{"password":"WHATEVER THE PASSWORD IS"}' -u neo4j:neo4j http://localhost:7474/user/neo4j/password

Another option is to modify the auth file directly and restart neo. Doing this, you can even change the username!

Run

find / -name dbms

For me this gave one hit:

/var/lib/neo4j/data/dbms/auth

Save this code as build_auth_string.sh:

#!/bin/bash

DEFAULT_IFS="$IFS"
SALT_LEN=32

# either read from stdin or use the argument
if [ -z "$1" ]; then
  read INPUT
else
  INPUT="$1"
fi

if [ -z "$INPUT" ]; then
 echo "correct format <uname:pass>"
 exit
fi

IFS=':'
read -a UNAME_PASS <<< "$INPUT"

UNAME="${UNAME_PASS[0]}"
PASS="${UNAME_PASS[1]}"

# representing the password in hex format like \xAB\x0C etc
# HEX_PASS=$(echo -n $PASS | xxd -p | awk '{print toupper($1);}' | sed -r 's/(.{2})/\\x\1/g')
HEX_PASS=$(echo -n $PASS | hexdump -v -e '"\\\x" 1/1 "%02X"')
# echo $HEX_PASS


# create the salt and store it in hex format
SALT=$(cat /dev/urandom | tr -dc 'a-f0-9' | fold -w $SALT_LEN | head -n 1)
# SALT="28FD26AD92D6D2D8820E969F3F3732B4"
HEX_SALT=$(echo -n $SALT | sed -r 's/(.{2})/\\x\1/g')


# calculate the sha256 sum of the salt and password value
# need to split the output because the output ends with a hyphen
IFS=' '
read -a PASSWORD_HASH_ARRAY <<< $(printf $HEX_SALT$HEX_PASS | sha256sum)
PASSWORD_HASH="${PASSWORD_HASH_ARRAY[0]}"

# echo "$UNAME;$PASS;$SALT"
# echo "$PASSWORD_HASH"

# and print out the auth string
COMBINED=$(echo -n "$PASSWORD_HASH,$SALT" | awk '{print toupper($1);}')
echo "$UNAME:SHA-256,$COMBINED:"

IFS="$DEFAULT_IFS"

The code for the above came from https://github.com/artsince/docker-neo4j-auth/blob/master/build_auth_string.sh - im posting it here just encase..

And then just run the above script like

build_auth_string.sh myUsername:myP@ssw0rd

Copy/paste that into your auth file replacing whatever was there before, and restart neo4j :)

A fresh install of Neo4j 2.2.x has a user 'neo4j', with an initial password 'neo4j'. You are required to change the password before you can do anything.

It's easy to do this from the command line, by calling httpie to interact with the REST API. For example, to set a new password of 'foobar', run this command:

http -a neo4j:neo4j POST http://localhost:7474/user/neo4j/password password=foobar

For Mac users, version 2.3.1 of Neo4J, best way to reset credentials is to remove the file with credential information and start the service again.

Steps to follow

1. Find where the file that contains credentials is located from the browser console (localhost:7474). Go to Star (Favourites)->System->Server configuration
2. Search for dbms.security.auth_store.location property to see where it points to. In my case it was /Users/felipe/Documents/Neo4j/default.graphdb/./dbms/auth
3. Delete that file.
4. Start the service again and go to the console again (localhost:7474).

By default you will be asked to set the password for the user neo4j.

I hope it helps.

Currently it's not possible to configure authorization using neo4j-shell. As you've mentioned the REST API is the way to go. Using a convenient REST client this is very easy.

My tools of choice is either postman (a plugin for chrome browser) or httpie for the command line. E.g. with httpie changing the password for a user is as simple as:

 http localhost:7474/user/neo4j/password password=neo4j new_password=mypass

Be aware that password (and other authorization settings) are not automatically distributed in a cluster, see the manual how to copy over settings between instances.

To elaborate on felipe's response (since I do not have enough rep points to comment): I stopped the server, I deleted the auth files in BOTH:

• DBROOT\data\auth
• DBROOT\dbms\auth

Restarted the server, and connected to it via the localhost:7474, used the default username/password (neo4j/neo4j) and then it prompted me for a new password.

If you want to reset the password and you dont know the old password : then for Windows user go to this path:

C:\Users\xyz\Documents\Neo4j\default.graphdb\dbms

and delete that auth file. Restart the neo4j they will again ask to set the username and password!! by default username:neo4j password:neo4j