Administration Guide

Password changers

A password changer can be configured for a custom secret template to periodically change the password of a secret and periodically check the health of a secret.

For each password changer, the name, type, changers, verifiers, change mode, verify mode, description, and references are displayed.

FortiPAM offers the following default password changers:

  • Active Directory LDAPS

  • Cisco Enable Secret

  • Cisco User (SSH Secret)

  • Cisco XR Router

  • ESXi Password

  • ESXi Web

  • Open LDAPS

  • SSH Key (FortiProduct)

  • SSH Key (Unix)

  • SSH Password (FortiProduct)

  • SSH Password (Unix)

  • Samba

Default password changers cannot be edited.

Custom password changers are clones of their default counterparts and are editable.

For LDAPS password changing and verification, the minimum SSL/TLS version and the target server port number used by LDAPS can be set using the following CLI commands, provided the secret has an associated target:

 config secret target
  edit <target_name>
   set ldaps-min-ssl-version {default | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2 | TLSv1.3}
   set ldaps-port <integer>
  next
 end

If the secret has no associated target, or ldaps-min-ssl-version is set to default, the minimum SSL/TLS version follows the ssl-min-proto-version setting under system > global.
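The fallback rule above means a target's effective LDAPS minimum can come from either its own setting or the global one. The following added example (not Fortinet code) audits a configuration export for targets whose effective minimum is below a chosen floor. It assumes the export is FortiOS-style `config`/`edit`/`set` text, that an unset value behaves like `default`, and that the global value may be spelled with a dash; the target names, the sample text and the TLSv1.2 floor are constructed for illustration.

```python
# Added example: audit a FortiPAM-style config export for weak LDAPS minimums.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # weakest first

# Constructed sample; the dash spelling on the global line is an assumption.
SAMPLE = """\
config system global
    set ssl-min-proto-version TLSv1-2
end
config secret target
    edit "dc01"
        set ldaps-min-ssl-version TLSv1.1
        set ldaps-port 636
    next
    edit "dc02"
        set ldaps-min-ssl-version default
    next
    edit "ldap-legacy"
        set ldaps-min-ssl-version SSLv3
    next
end
"""

def parse(text):
    """Collect top-level 'set' values as {table: {entry or None: {key: value}}}."""
    tables, stack, entry = {}, [], None
    for tok in (line.split() for line in text.splitlines()):
        if not tok:
            continue
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
        elif tok[0] == "end":
            if stack:
                stack.pop()
            if not stack:
                entry = None
        elif len(stack) != 1:
            continue  # skip nested sub-tables
        elif tok[0] == "edit" and len(tok) > 1:
            entry = tok[1].strip('"')
        elif tok[0] == "next":
            entry = None
        elif tok[0] == "set" and len(tok) >= 3:
            value = tok[2].strip('"').replace("-", ".")  # TLSv1-2 -> TLSv1.2
            tables.setdefault(stack[0], {}).setdefault(entry, {})[tok[1]] = value
    return tables

def weak_ldaps_targets(text, floor="TLSv1.2"):
    """Return (target, effective_version, source) for targets below the floor."""
    tables = parse(text)
    glob = tables.get("system global", {}).get(None, {}).get("ssl-min-proto-version")
    out = []
    for name, kv in tables.get("secret target", {}).items():
        own = kv.get("ldaps-min-ssl-version", "default")  # assumption: unset means default
        eff, src = (glob, "global") if own == "default" else (own, "target")
        if eff not in ORDER or ORDER.index(eff) < ORDER.index(floor):
            out.append((name, eff, src))
    return out
```

A target is also reported, with an effective version of `None`, when it defers to the global setting and that setting is missing from the export.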

The Password Changers tab in Secret Settings contains the following options:

  • Create: Select to create a new password changer. See Creating a password changer.

  • Edit: Select to edit the selected password changer.

  • Delete: Select to delete the selected password changers.

  • Clone: Select to clone the selected password changer.

  • Search: Enter a search term in the search field, then hit Enter to search the password changers list. To narrow down your search, see Column filter.
