You can change the root password for any vRealize Operations primary or data node at any time by using the console.

The root user bypasses the pam_cracklib module password complexity check, which is found in /etc/pam.d/system-password. All hardened appliances activate enforce_for_root for the pw_history module, found in the /etc/pam.d/system-password file. The system remembers the last five passwords by default. Old passwords are stored for each user in the /etc/security/opasswd file.


Verify that the root password for the appliance meets your organization’s corporate password complexity requirements. If the account password starts with $6$, it uses a sha512 hash. This is the standard hash for all hardened appliances.


  1. Run the # passwd command at the root shell of the appliance.
  2. To verify the hash of the root password, log in as root and run the # more /etc/shadow command.
    The hash information appears.
  3. If the root password does not contain a sha512 hash, run the passwd command to change it.