Hi everyone!
Today the password of the our PC admin’s account expired. I looked for the setting that allow modify it in PC GUI but i didn’t found it. Also, appears an advise password expiration in a secondary superadmin account.
How can we change or disable or change the pwd expiration in these accounts?
Many thanks in advance for you time! 😀
Best answer by JeroenTielen
If you login with another user which does have the appropriate credentials then go it Admin Center → IAM → Identities → Select the admin account and within action select “Change Password”
If you dont have account with correct permission make a key-pair (search nutanix cluster lockdown) and login with the admin account with the key-pair via ssh and change the password there.
Disabling the expiration is not recommended but you can do that with:
sudo chage -M 5000 admin (This will change the expiration timer to 5000 days)
sudo chage -l admin (This will list the settings for the admin account)
+8If you login with another user which does have the appropriate credentials then go it Admin Center → IAM → Identities → Select the admin account and within action select “Change Password”
If you dont have account with correct permission make a key-pair (search nutanix cluster lockdown) and login with the admin account with the key-pair via ssh and change the password there.
Disabling the expiration is not recommended but you can do that with:
sudo chage -M 5000 admin (This will change the expiration timer to 5000 days)
sudo chage -l admin (This will list the settings for the admin account)
Hi JeroenTielen!
So i can’t disable the admin expiration like it seems… OK!
by the other hand, i created two another admin accounts. Have it password expiration time too? As i read, it haven't... can you confirm it?
Thanks dude!😎
+8Local accounts always have the password expiration. You cant disable it but you can change it to somewhere in the future. Set is to after your pension ;) Just joking, beter is to create some runbook or something that will do a password rotating every x amount of days and store that in the keyvault.
Perfect Jeroen.
If my teammates consider it necessary we can extent the pwd expiration to the infinite and beyond wit the commnad sudo chage -M <days> <user> command . I suppose that i have to run it in any CVM of the cluster, right?
Cheers!😃
+8You will run this in the PCVM. But I will always involve support if this is for production environment.
Thanks for your assitance Jeroen!
Cheers! 😁
I'm afraid what you're indicating only applies to the "admin" user. Local users created in Prism Central (PC) and Prism Element (PE) do not have an expiration policy. The commands you mentioned work with the "admin" user but not with the local users created after installation.
https://next.nutanix.com/how-it-works-22/changing-password-expiration-for-local-user-in-pe-41745
these are my tests on PC ssh:
nutanix@NTNX~$ sudo chage -l veeambackup
chage: user 'veeambackup' does not exist in /etc/passwd
nutanix@NTNX~$ sudo chage -M 5000 veeambackup
chage: user 'veeambackup' does not exist in /etc/passwd
nutanix@NTNX ~$ sudo chage -l admin
Last password change : Sep 22, 2025
Password expires : Nov 21, 2025
Password inactive : never
Account expires : never
Minimum number of days between password change : 1
Maximum number of days between password change : 60
Number of days of warning before password expires : 7
Same results on CVM
My tests are on PC 2024.3.1.1
Is it possible that I might have overlooked something?
+8Yes this is only for the admin and nutanix accounts on PCVM.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.