Password Manager Overview: The System Account Passwords feature in Prism Central allows you to manage system account passwords centrally, enhancing security by providing visibility into their status (No Password Set, Default, or Secure) and enabling password changes for individual accounts or grouped accounts based on clusters, such as Controller VM, Prism Central, or AHV.
To refine your view, you can use the Filters option to categorize system account passwords by status No Password Set, Default, or Secure), cluster name, or account type (root, admin, or nutanix). Bulk password changes are supported, and you can track password change history through the Audit Dashboard or Tasks for traceability.
Some AHV-specific accounts, such as root, have unique considerations. If there are Multiple Issues—for example, if the password is not uniform across AHV nodes—or if there is No Password set, these statuses will be reflected accordingly.
Password Manager Limitations: There are a few limitations when using the System Account Passwords.
- You can change passwords for up to 10 cluster accounts at a time, but bulk password changes across multiple user accounts on different clusters are not supported.
- AHV system account password changes are allowed only on clusters that contain at least one HCI node and are not available on clusters composed entirely of storage-only (SO) or compute-only (CO) nodes.
- AHV system account passwords can only be changed if their status is “Default” or “No Password.” Once changed, the System Account Password page may take up to a day to update. However, you can manually refresh the status by navigating to Security Dashboard > Summary and clicking the refresh icon. It’s important to note that AHV system account passwords can only be changed once.
Password Manager Requirements: This feature is not available for all versions. To use it, you need the following minimum software versions:
- Prism Central: Version pc.2023.4 or newer
- AOS: Version 6.7.1 or newer
For AHV system account password management, you must have:
- AOS 7.0+
- AHV 10.0+
- Prism Central 2024.4+
Changing System Account Passwords
To change passwords can be done
- Log on to Prism Central
- Go to Infrastructure from the Application Switcher, then Network & Security > System Account Passwords.
- To change the password of an individual account, select the account from the Account column
- You can select multiple accounts and change the passwords of the accounts in bulk. To view and select the required accounts, click Modify Filters, select the accounts, and then click Change Password.
- Click Change Password.
- In the Change Password window, enter the following and click Change Password.
The passwords are updated for the selected accounts. Remember, once changed, the System Account Password page may take up to a day to update.
Summary:
Prism Central’s Password Management feature provides a centralized and efficient way to manage system account passwords, ensuring better security, visibility, and control. With options to track password status, apply filters, and perform bulk password changes, this feature streamlines password management across Controller VMs, Prism Central, and AHV clusters.
By leveraging this feature, you can simplify password management, enhance security, and maintain compliance more effectively.
What Do You Think?
Is this something you’re excited about? Did we miss any features you’re curious about? Feel free to share your thoughts in the comments below—we’d love to hear from you!
