How To Reset oVirt/RHEV admin user password

A default user with the system-wide SuperUser role is created during the installation of oVirt / RHEV. A command line tool called ovirt-aaa-jdbc-tool can be used to manage local user accounts on the internal domain post installation. Any changes made through ovirt-aaa-jdbc-tool will take effect immediately and there is no need to restart the ovirt-engine service. This walkthrough guide will help you to reset admin user password on a local domain in oVirt/RHEV virtualization environment.

Let’s first view admin user account information before attempting password reset;

[jmutai@ovirt-manager ~]$ sudo ovirt-aaa-jdbc-tool user show admin
-- User admin(d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7) --
Namespace: *
Name: admin
ID: d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7
Display Name:
Email: root@localhost
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-01-09 00:09:42Z
Account Valid To: 2222-01-09 00:09:42Z
Account Without Password: false
Last successful Login At: 2022-01-22 19:28:12Z
Last unsuccessful Login At: 1970-01-01 00:00:00Z
Password Valid To: 2221-11-22 00:09:45Z

We shall use the ovirt-aaa-jdbc-tool tool to reset the password of the internal administrative user (admin@internal). The new password to be assigned this user needs to meet the following policy requirements:

• Password must have a minimum of 6 characters.
• The new password used cannot be one of the three previous passwords used.

The command syntax for resetting admin user password is:

$ sudo ovirt-aaa-jdbc-tool user password-reset username --password-valid-to="yyyy-MM-dd HH:mm:ssX"

A value for --password-valid-to must be set, otherwise the password expiry time defaults to the current time. The date format is as shared in command syntax yyyy-MM-dd HH:mm:ssX

In the following command we change the admin@internal user password and set password validity to 2035-12-31 12:00:00Z.

[jmutai@ovirt-manager ~]$ sudo ovirt-aaa-jdbc-tool user password-reset admin --password-valid-to="2035-12-31 12:00:00Z"

Input and confirm new password as prompted:

Password: <NEW-PASSWORD>
Reenter password: <CONFIRM-NEW-PASSWORD>
updating user admin...
user updated successfully

In the used example, Z in date format stands for UTC time. You can view user new details after reset:

[jmutai@ovirt-manager ~]$ sudo ovirt-aaa-jdbc-tool user show admin
-- User admin(d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7) --
Namespace: *
Name: admin
ID: d2cd1649-16b8-4d9c-a4c5-2825cb31a5e7
Display Name:
Email: root@localhost
First Name: admin
Last Name:
Department:
Title:
Description:
Account Disabled: false
Account Locked: false
Account Unlocked At: 1970-01-01 00:00:00Z
Account Valid From: 2022-01-09 00:09:42Z
Account Valid To: 2222-01-09 00:09:42Z
Account Without Password: false
Last successful Login At: 2022-01-22 19:28:12Z
Last unsuccessful Login At: 2022-01-21 10:58:26Z
Password Valid To: 2035-12-31 12:00:00Z

Unlocking admin user account

If you have had attempted to login to oVirt / RHEV Administration Portal too many times with the wrong password, then the admin user account may be locked.

The following command is used to unlock admin user account:

[jmutai@ovirt-manager ~]$ sudo ovirt-aaa-jdbc-tool user unlock admin

We have learned how to reset local domain admin user password in oVirt / RHEV environment. More guides on Virtualization topics are available on our website through the links shared below.

• Configure oVirt / RHEV User Authentication using FreeIPA LDAP
• Creating Additional MAC Address Pools in oVirt / RHEV
• How To Create Data Center and Cluster in oVirt / RHEV
• Upload and Use ISO Images on oVirt / RHEV Storage Domain