How to change Opal admin password from WebUI

It’s possible to change the default admin password while setting up Opal, but is it also possible to change it afterwards from the web UI.

If not, I suppose enabling 2FA is the next best thing?


It is not possible, it has to be done manually on the server. This default user is more for the initial setup, and should not be used on a day to day basis. The best practices are:

As the (default) administrator

  • login
  • enable 2FA
  • create a real user (your name) so that the audit tracks your personal activity and add it to an admin group (call it “opal-admin” for instance, the name does not matter)
  • grant this group full administration permission: go to Administration > General settings > Permissions and add group permission (choose “Administrate”)
  • logout

As the new admin user

  • login
  • enable 2FA
  • verify you have all permissions
  • for any scripting operations: use personal access tokens


1 Like

Thank you.

The alternative would be to edit the shiro.ini file I presume?

The password must be hashed, instructions are in the shiro.ini file.

1 Like

And what do I have to do to update changes?

Restarting the opal process does not seem to update the shiro.ini passwords immediately (i can still log-in with the previous credentials)

Restart server is enough. That means you modified the wrong shiro.ini file.

1 Like

I have double checked and it seems to be the correct shiro.ini file. (dir matches output of which opal)

I restart the server with: sudo systemctl restart opal.service

On the administrator user profile the following message appears:


Your account was defined in the user directory “opal-ini-realm”. Please contact your system administrator to change the password in this directory.

Okay, maybe the issue is too verbose.

I recorded a video of myself changing the admin password and it not updating. Hopefully, this will let others see what the issue looks on my end:

  1. I use the shiro-hasher to get a new password
  2. Update the conf/shiro.ini file
  3. Restart opal
  4. But it still expects the old password

What could be the reason?


For the record of others, Ahmet was modifying the shiro.ini file from the Opal distribution folder (/usr/share/opal that contains the binaries and the default config), instead of the one from the Opal local installation: /etc/opal.

Following the common layout of application installation on linux systems:

  • /usr/share/opal is the distribution folder (replaced when upgraded)
  • /var/lib/opal is the local data folder
  • /etc/opal is the configuration folder
  • /var/log/opal is the log folder


1 Like