Extend the NSX-T default 90 days password-expiration policy

NSX-T version: 2.4.1

Introduction

NSX-T has the default password policy that you need to change the "admin" password after 90 days. This can be annoying when you have a lab environment and need to change this every three months.

NSX-T Manager

You can set the policy to 9999 days with the following commands:

NSX CLI (Manager, Policy, Controller 2.4.1.0.0.13716579). Press ? for command list or enter: help
ih-dc1-nsxm-01-2> get user admin password-expiration
Password expires 90 days after last change

ih-dc1-nsxm-01-2> set user admin password-expiration 9999
ih-dc1-nsxm-01-2> get user admin password-expiration
Password expires 9999 days after last change

ih-dc1-nsxm-01-2>


NSX-T Edge

When you change to extend the password-expiration on the NSX-T Manager this is NOT automatically pushed to the Edge (VM). So we also need to do this in the Edges.

NSX CLI (Edge 2.4.1.0.0.13716583). Press ? for command list or enter: help
ih-dc1-edgen-02> get user admin password-expiration
Password expires 90 days after last change

ih-dc1-edgen-02> set user admin password-expiration 9999
ih-dc1-edgen-02> get user admin password-expiration
Password expires 9999 days after last change

ih-dc1-edgen-02>