Updating the NSX-T Admin Password

Page last updated:

This topic provides instructions for updating the NSX-T administrator password for use with Enterprise Pivotal Container Service (Enterprise PKS).

Prerequisites

Make sure you have completed all preceding NSX-T installation and configuration tasks.

About the NSX-T Admin Password

VMware NSX-T Data Center v2.4 and later introduces the following password policy enhancements:

  • Enforces minimum password length of 12 characters for default passwords.
  • Introduces ability to set password expiration times and generates alarms when password is about to expire.

The default password expiration interval is 90 days. After this period, the NSX-T administrator password will expire on all NSX-T Manager Nodes and all NSX-T Edge Nodes.

Note: For existing Enterprise PKS deployments, anytime the NSX-T password is changed you must update the BOSH and PKS tiles with the new passwords. See Managing Infrastructure Password Changes for more information.

Update the Password for NSX Manager Nodes

To update the NSX Manager password, perform the following actions on one of the NSX Manager nodes. The changes will be propagated to all NSX Manager nodes.

Note: You only need to do this on one of the NSX-T Manager nodes. The changes will be propagated to the other NSX-T Manager nodes.

SSH to the NSX Manager Node

To manage user password expiration, you use the CLI on one of the NSX Manager nodes.

To access a NSX Manager node, from Unix hosts use the command ssh USERNAME@IP_ADDRESS_OF_NSX_MANAGER.

For example:

ssh admin@10.196.188.22

On Windows, use Putty and provide the IP address for NSX Manager. Enter the user name and password that you defined during the installation of NSX-T.

Get the password expiration interval

To get the password expiration interval, use the following command:

get user USERNAME password-expiration

For example:

NSX CLI (Manager, Policy, Controller 2.4.1.0.0.13716579). Press ? for command list or enter: help
nsx-manager> get user admin password-expiration
Password expires 90 days after last change

Update the admin password

To update the user password, use the following command:

set user USERNAME password NEW-PASSWORD old-password OLD-PASSWORD.

For example:

set user admin password my-new-pwd old-password my-old-pwd

Set the admin password expiration interval

To set the password expiration interval, use the following command:

set user USERNAME password-expiration PASSWORD-EXPIRATION.

For example, the following command sets the password expiration interval to 120 days:

set user admin password-expiration 120

Remove the admin password expiration interval

To remove password expiration, use the following command:

clear user USERNAME password-expiration.

For example:

clear user admin password-expiration

To verify:

nsx-manager-1> clear user admin password-expiration
nsx-manager-1> get user admin password-expiration
Password expiration not configured for this user

Update Other NSX-T Password Expiration Intervals

You may also want or need to update other NSX-T password intervals for the audit and root users.

For example:

nsx-manager-1> clear user audit password-expiration
nsx-manager-1> get user audit password-expiration
Password expiration not configured for this user
nsx-manager-1> clear user root password-expiration
nsx-manager-1> get user root password-expiration
Password expiration not configured for this user

Update the Password for NSX Edge Nodes

To update the NSX Edge Node password, perform the following actions on each NSX Edge Node.

Note: You must update the password interval on each NSX Edge Node.

Enable SSH

SSH on the Edge Node is disabled by default. You have to enable SSH on the Edge Node using the the Console from vSphere.

start service ssh
set service ssh start-on-boot

SSH to the NSX Edge Node

For example:

ssh admin@10.196.188.25

Get the password expiration interval for the Edge Node

For example:

nsx-edge> get user admin password-expiration
Password expires 90 days after last change

Update the user password for the Edge Node

For example:

nsx-edge> set user admin password my-new-pwd old-password my-old-pwd

Set the password expiration interval

For example, the following command sets the password expiration interval to 120 days:

nsx-edge> set user admin password-expiration 120

Remove the password expiration interval

For example:

nsx-edge> clear user admin password-expiration
nsx-edge> get user admin password-expiration
Password expiration not configured for this user

Repeat for Other NSX-T Users

For example:

nsx-manager-1> clear user audit password-expiration
nsx-manager-1> get user audit password-expiration
Password expiration not configured for this user
nsx-manager-1> clear user root password-expiration
nsx-manager-1> get user root password-expiration
Password expiration not configured for this user

NSX-T Installation Instructions Home

Installing and Configuring NSX-T for Enterprise PKS.


Please send any feedback you have to pks-feedback@pivotal.io.