Resetting the secroot Account Password

The KeyControl webGUI has a default KeyControl-managed user account called secroot. If you do not remember the credentials of any KeyControl user account with Security Administrator privilege, or if you are locked out of the KeyControl webGUI, you can reset the secroot credentials with a temporary password. You can reset the password using one of the following methods: 

  • Generate random password and send it via email to secroot—Use this option to generate a random temporary password for the secroot user and securely send it to their email account that is registered in KeyControl. The secroot user must have an email account configured in the KeyControl webGUI and have access to email. We recommend that you use this option if secroot has email configured and has access to email.
  • Enter new temporary password for secroot—Use this option to enter a temporary password. You can either pass it to the secroot user outside of KeyControl, or email it to the secroot user directly from KeyControl.

Note: If you have Two-Factor Authentication enabled configured for secroot, you will be provided an option to optionally reset the secroot user's Two-Factor Authentication state/secret.

Procedure 

  1. Log into the KeyControl VM console as htadmin .

    KeyControl displays the Entrust KeyControl System Console TUI (Text-based User Interface).

  2. Select Manage Accounts.

  3. In the Manage Accounts page, select secroot (KeyControl webGUI default account).

  4. On the KeyControl - Reset secroot Account page, choose the option that you want and complete the following: 

    • To use KeyControl to generate a random password and send it to the secroot user:

      1. Select Generate random password and send it via email to secroot.
      2. On the Generate random password and send it via email to secroot page, optionally choose Reset Two-Factor Authentication.
      3. Select OK.

      The secroot user will receive an email with the temporary password. When they log into the KeyControl webGUI with the temporary password, they are immediately prompted to update the password.

    • To enter your own temporary password for secroot:

      1. Select Enter new temporary password for secroot.

      2. On the Enter new temporary password for secroot page, optionally choose Reset Two-Factor Authentication and Send Temporary password to secroot via email.

        Note: If you choose to email the temporary password, the secroot user must have an email account configured in the KeyControl webGUI and have access to emails.

      3. Select OK.
      4. Enter and confirm the temporary password.
      5. Select OK.

      6. On the confirmation screen, select OK.

      When the secroot user receives the temporary password and logs into the KeyControl webGUI, they are immediately prompted to update the password.