Set guestuser1 and guestuser2 password expiration period on NSX-T manager
Article ID: 319113
Updated On:
Products
Issue/Introduction
Symptoms:
- NSX-T guestuser1 and and guestuser2 when enabled will have a default 90 day period before the password expires.
- There is no option in the GUI to change this frequency.
- There is no option in the nsxcli as admin to change this frequency.
Environment
VMware NSX-T Data Center 3.x
VMware NSX-T Data Center
Cause
The guest accounts are new local user accounts that have been added to NSX-T as of version 3.1.1.
By default they are disabled, when enabled they will have the same default password expiry of 90 days as other exiting local user's: admin, root and audit.
There is no nsxcli command for changing the password expiry on these local accounts as there is with admin, root and audit.
Resolution
This behavior is expected. There are currently no plans to change this behavior. To change the default expiry for the guest accounts, please review the steps in the workaround section.
Workaround:
The password expiry for these new users can be changed via REST API.
Please note:
guestuser2 has id of: 10004
Optionally, the current password expiry of all local users can be viewed with the following API call:
To change the password expiry of a guestuser, use the following API call :
In the above example we disabled the guestuser1 password expiration by setting the value of password_change_frequency to 0.
Note: You can also decrease or increase the password expiration window by setting the password_change_frequency value to the desired number of days instead of using 0, which disables password expiration.
If using a REST API client such as Postman instead of curl command:
Select the PUT option.
Add the basic authentication, enter the admin username and admin password.
Add the header: Content-Type as application/json
In the body enter the data: { "password_change_frequency": 0 }
Set the password_change_frequency value as desired and click Send.
Feedback
