Extend the NSX-T default 90 days password-expiration policy

From Iwan
Revision as of 10:33, 21 January 2024 by Admin (talk | contribs)
Jump to: navigation, search

NSX-T has the default password policy that you need to change the "admin" password after 90 days. This can be annoying when you have a lab environment and need to change this every three months. In this article, I will show you how to extend the days your password is valid.

NSX-T Manager

You can set the policy to 9999 days with the following commands:

NSX CLI (Manager, Policy, Controller 2.4.1.0.0.13716579). Press ? for command list or enter: help
ih-dc1-nsxm-01-2> get user admin password-expiration
Password expires 90 days after last change

ih-dc1-nsxm-01-2> set user admin password-expiration 9999
ih-dc1-nsxm-01-2> get user admin password-expiration
Password expires 9999 days after last change

ih-dc1-nsxm-01-2>

NSX-T Edge

When you change to extend the password-expiration on the NSX-T Manager this is NOT automatically pushed to the Edge (VM). So we also need to do this in the Edges.

NSX CLI (Edge 2.4.1.0.0.13716583). Press ? for command list or enter: help
ih-dc1-edgen-02> get user admin password-expiration
Password expires 90 days after last change

ih-dc1-edgen-02> set user admin password-expiration 9999
ih-dc1-edgen-02> get user admin password-expiration
Password expires 9999 days after last change

ih-dc1-edgen-02>

I am always trying to improve the quality of my articles so if you see any errors, mistakes in this article or you have suggestions for improvement, please contact me and I will fix this.