This Methodis used to change the password of the user for the Sessionused to call the Method. The Method shall fail with Bad_InvalidStateif the user token type for the Sessionis not USERNAME.

Even if the Methodis not browsable through a hierarchy for the Sessionuser, it shall be accessible and callable by the Sessionuser with the well defined NodeIdsfor the UserManagement Objectand the ChangePassword Method.

This Methodaffects security and shall only be browseable and callable through an encrypted channel. It shall be callable by the Sessionuser if the user token type for the Sessionis not USERNAME, even if the Rolefor the user is Anonymous.

Signature

ChangePassword(

[in]String OldPassword,

[in]String NewPassword

);

Argument

Description

OldPassword

The old password for the Sessionuser.

NewPassword

The new password for the Sessionuser. It is receommended that the user interface for entering the new password requires to enter the password twice to avoid typos.

The Servercan apply additional restrictions to the accepted password in addition to the one indicated by PasswordOptionMask.

Method Result Codes

ResultCode

Description

Bad_IdentityTokenInvalid

The old password is not valid.

Bad_OutOfRange

The new password is outside the valid range of accepted length and characters.

Bad_InvalidState

The caller is not authenticated with a USERNAME user token.

Bad_NotSupported

The password cannot be changed due to NoChangeByUseruser configuration mask setting.

Bad_SecurityModeInsufficient

The communication channel is not using encryption.

Bad_BadAlreadyExists

The new password matches the old password.