Description
This article describes how to change passwords for administrator users on Linux machines using FortiPAM.
Scope
FortiPAM.
Solution
Secrets in FortiPAM can be configured for a custom secret template to change the password of a secret. FortiPAM comes with some default password changers included by default, but custom password changers may also be created.
- Go to Secrets -> Target List -> Create, set Name and as Default Template select Unix Account (SSH Password) and specify Host IP.
- After the target is added, it is possible to create a secret for the Linux machine. Go to Secret -> Secret List -> Create New Secret and on the folder, select Public or Personal. Add a Name, select the Target created above, and put the Host IP, username, and password. On Permission, select the right User Permission or the Group Permission View or Owner.
After the secret is created, it is possible to try to change the password of the administrator on Linux machine. Edit the secret created. After selecting Change Password, it is possible to choose Randomly generated Password or Customized.
In the top right corner, after the password is changed, a Password change succeeded notification will appear and under the Log & Report -> Secret -> Password Changes, the following will be visible:
From the debug logs on FortiPAM CLI:
The password change is done successfully as shown in the debug logs.
Debug logs for troubleshooting password changer related issues can be activated with the following:
diag debug en
diag wad debug enable category pwdchg
diag wad debug enable level verbose
