Password changers
A password changer can be configured for a custom secret template to periodically change the password of a secret and periodically check the health of a secret.
For each password changer; name, type, changers, verifiers, change mode, verify mode, description, and references are displayed.
FortiPAM offers the following default password changers:
-
Active Directory LDAPS
-
Cisco Enable Secret
-
Cisco User (SSH Secret)
-
Cisco XR Router
-
ESXi Password
-
ESXi Web
-
Open LDAPS
-
SSH Key (FortiProduct)
-
SSH Key (Unix)
-
SSH Password (FortiProduct)
-
SSH Password (Unix)
-
Samba
Default password changers cannot be edited. |
Custom password changers are clones of their default counterparts and are editable. |
For LDAPS password changer and verification, the minimum SSL/TLS version and the target server port number used by LDAPS can be set using the following CLI commands, provided the secret has an associated target:
config secret target edit target_name set ldaps-min-ssl-version {default | SSLv3 | TLSv1 | TLSv1.1 | TLSv1.2 | TLSv1.3} set ldaps-port <integer> end end
If there is no associated target with the secret or |
The Password Changers tab in Secret Settings contains the following options:
Create |
Select to create a new password changer. See Creating a password changer. |
Edit |
Select to edit the selected password changer. |
Delete |
Select to delete the selected password changers. |
Clone |
Select to clone the selected password changer. |
Search |
Enter a search term in the search field, then hit |