ONTAP Discussions

Scripted password change


We have 20+ cmode clusters spread across the Enterprise.  Has anyone came up with a way to change admin passwords using some form of scripting.  On 7mode we used to used DFM to coordiate the password change across the globe.  However with Cmode we have not come up with a way to change the passwords easily without connecting to each machine.  


Our requirements are:


Must be auditable, we must provide proof of password change success (We use command log)

we are talking the cluster admin, not vserver admin

We do the change every 30 days.

We run it on 20+ clusters.


The entire environment is Cmode Ontap 8.3.


Throwing this out here so I dont have to recreate the wheel.



Since we don't have that many clusters, we still do ours by hand, so, in that sense, I have nothing to help you with here (You're welcome!) other than to say I'd probably write something in `expect` to do it.


Though, for the paranoia level of 'every 30 days' demonstrates, there's probably a lot of changes you'd want to do.

* change admin's password

* audit the allowed keys against an external key repo

* change diag's password

* change DFM/oncommand's password

* change VSC's password (if applicable)

* change the cluster switch passwords


Via powershell or WFA ...


every 30 days is kind of crazy...I assume you only mean the admin account


how to set this up with the WFA tool?

NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner