You can change the root password for any vRealize Operations Manager master or data node at any time by using the console.

About this task

The root user bypasses the pam_cracklib module password complexity check, which is found in etc/pam.d/common-password. All hardened appliances enable enforce_for_root for the pw_history module, found in the etc/pam.d/common-password file. The system remembers the last five passwords by default. Old passwords are stored for each user in the /etc/security/opasswd file.


Verify that the root password for the appliance meets your organization’s corporate password complexity requirements. If the account password starts with $6$, it uses a sha512 hash. This is the standard hash for all hardened appliances.


  1. Run the # passwd command at the root shell of the appliance.
  2. To verify the hash of the root password, log in as root and run the # more /etc/shadow command.

    The hash information appears.

  3. If the root password does not contain a sha512 hash, run the passwd command to change it.