Creating a Custom Password Changer

Before attempting to change a password through Secret Server using your new custom password changer, we recommend that you test the command set you are using.

Any term in these commands preceded by $ will reference a secret template field. Any term preceded by $[1]$ refers to the Secret template field of a linked Secret. If you need to reference a secret template field, make sure you are using the exact secret template field name.

To use your new password changer, you will need to assign it to a secret template.

To create a custom password changer, follow the procedure below.

Go to Remote Password Changing > Password Changers in the Settings menu. The Password Changers page appears.
Click the Create Password Changer button. A New Password Changer popup appears.
Choose a Base Password Changer with a command set that most closely matches the type of password changer you are creating, as this determines which customizable parameters and test actions are available to you. To create a custom SSH password changer, choose a base password changer with a name that ends in (SSH).
Give your new password changer a Name and click Save. The page for the new changer appears.
Click the Custom Commands tab.
Click the Edit button.
Click the Script tab for the Password Change Commands section.
Edit the Password Change Commands to contain the command set you need.
- Use the Delete button (trash can) to remove a row.
- Click and drag the dots on the left to move a row.
- Click the + Add Command button to create a new row.
Edit the Verify Password Changed Commands to create the command set for checking that the password is valid. These commands are used by heartbeat and after a password change to verify that the change was successful.
Using the same procedure, change the commands as desired in the under Post Successful Change Commands and Post Failure Change Commands.
When you are finished editing the commands, scroll to the bottom and click Save. To edit advanced commands and settings, see the instructions below.

Advanced Settings

To modify advanced settings, do the following:

Go to Remote Password Changing > Password Changers in the Settings menu. The Password Changers page appears.
Click the name of the desired password changer. Its page appears, set to the General tab.
Click the Edit button.
Adjust the settings as desired:
- Remote Password Changing Timeout (minutes):
  Type: Integer (minutes)
  What it does: Sets the timeout (in minutes) used by the password changer when changing a password remotely.
- Bypass Verify After Password Change:
  Type: Boolean (enable/disable)
  What it does: When enabled, bypasses the Heartbeat verification check after a successful password change. Note: Bypassing verification can lead to issues.
- Heartbeat Unknown Error—Unable to Connect Translation (regex):
  Type: Regular expression
  What it does: Provides a regex used to reclassify an Unknown Error as "Unable To Connect" based on the contents of the error message.
- Attempt Password Change with New Password When Error Contains (regex):
  Type: Regular expression (evaluated against the failure message)
  What it does: If an RPC password change fails, this regex runs against the failure message, which includes a FailureCode. If the regex matches and the number of failed attempts is five or fewer, a new password is generated for the next password attempt. Only the password field is updated; no other fields are changed.
  Examples (copy/paste):
  - .*UnknownError.* — Any error with UnknownStatus
  - .* — Any error
  - .*minimum.* — Minimum Password Requirements
  - .*0x80072035.* — Server rejects password
  - .*(0x80072035|minimum).* — Match either of the two above
- Advanced: Delay Verify After Password Change (seconds):
  Type: Integer (seconds)
  What it does: Sets how many seconds to wait after a password has been changed before verifying the password.
  Limits/Defaults: Max: 90 seconds; Default: blank.
Click the Save button.