Changing the password on an NSX appliance reverts the password expiration to 90 days.

Article ID: 376166


Products

VMware NSX

Issue/Introduction

  • The password expiration was previously changed from the default with a CLI command such as "set user admin password-expiration 9999".
  • The local user's password is then changed with a CLI command such as "set user admin password #####".
  • The password expiration then reverts to 90 days (the default value).
  • Both NSX Manager and Edge are affected.

# The password expiration was set to a value other than the default.

nsx-edge> get user admin password-expiration
Thu Aug 29 2024 UTC 06:36:22.665
Password expires 9999 days after last change <<------- 
 Current password will expire in 9973 days
User will receive warning messages 7 days before password expires.

# Change the password.

nsx-edge> set user admin password ######## old-password ########

# The password-expiration reverts to 90 days (default value)

nsx-edge> get user admin password-expiration
Thu Aug 29 2024 UTC 06:36:50.691
Password expires 90 days after last change <<------- 
 Current password will expire in 91 days
User will receive warning messages 7 days before password expires.

Environment

Only NSX 4.1.x is affected by this issue.

Resolution

This issue is resolved in NSX 4.2.0 and later releases.

As a temporary workaround until the upgrade, change the password-expiration value again with the admin CLI command.
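
A check for this revert after a password change, as an added example (not VMware or Broadcom code): it parses the "get user admin password-expiration" output shown above and, when the value no longer matches the intended setting, returns the CLI command that restores it. The node name "nsx-mgr-01" and the unrecognised reply are constructed sample inputs, and the "<<-------" annotations are left out of the samples.

```python
import re

# Patterns match the "get user <name> password-expiration" output shown in this article.
_EXPIRES = re.compile(r"Password expires (\d+) days after last change")
_REMAINING = re.compile(r"Current password will expire in (\d+) days")
_WARNING = re.compile(r"warning messages (\d+) days before")

DEFAULT_DAYS = 90  # default value the article says the setting reverts to


def parse_expiration(output):
    """Return the three day counts from the CLI output, or None if a line is missing."""
    fields = {}
    for key, pattern in (("expires", _EXPIRES), ("remaining", _REMAINING), ("warning", _WARNING)):
        match = pattern.search(output)
        if match is None:
            return None  # unrecognised output: report it, do not guess
        fields[key] = int(match.group(1))
    return fields


def check_node(node, user, output, expected_days):
    """Compare one node's setting with the intended value and suggest the CLI fix."""
    parsed = parse_expiration(output)
    if parsed is None:
        return {"node": node, "user": user, "status": "unparsed", "fix": None}
    if parsed["expires"] == expected_days:
        return {"node": node, "user": user, "status": "ok", "fix": None}
    status = "reverted-to-default" if parsed["expires"] == DEFAULT_DAYS else "drift"
    fix = f"set user {user} password-expiration {expected_days}"
    return {"node": node, "user": user, "status": status, "found": parsed["expires"], "fix": fix}


# Constructed inputs: the two outputs from this article, plus one unrecognised reply.
BEFORE = """Thu Aug 29 2024 UTC 06:36:22.665
Password expires 9999 days after last change
 Current password will expire in 9973 days
User will receive warning messages 7 days before password expires."""
AFTER = """Thu Aug 29 2024 UTC 06:36:50.691
Password expires 90 days after last change
 Current password will expire in 91 days
User will receive warning messages 7 days before password expires."""

if __name__ == "__main__":
    samples = [("nsx-edge", BEFORE), ("nsx-edge", AFTER), ("nsx-mgr-01", "% Invalid command")]
    for node, text in samples:
        print(check_node(node, "admin", text, expected_days=9999))
```

Run it against the output collected from every Manager and Edge node after each local password change; an "unparsed" result means the output needs a manual look.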

This can also be avoided by changing the password using the following API with the password_change_frequency parameter.

PUT /api/v1/transport-nodes/{transport-node-id}/node/users/{userid}
PUT /api/v1/cluster/{cluster-node-id}/node/users/{userid}
PUT /api/v1/node/users/{userid}

* Update node user
https://dp-downloads.broadcom.com/api-content/apis/API_NTDCRA_001/4.2/html/api_includes/method_UpdateNodeUser.html