Passwords endpoints

When local users forget their Puppet Enterprise (PE) passwords or lock themselves out of PE by attempting to log in with incorrect credentials too many times, you must generate a password reset token for them. Use the password endpoints to generate password reset tokens, use tokens to reset passwords, change the authenticated user's password, and validate potential user names and passwords.

The password endpoints are for managing local user accounts within PE. You can't use these endpoints to modify user information in SAML or LDAP.

By default, users can make 10 login attempts before being locked out. You can change the amount of allowed attempts by configuring the failed-attempts-lockout parameter.

You can reset the PE console admin password with a password reset script available on the PE console node.

Related information

Creating and managing local users and user roles
Configure RBAC and token-based authentication settings
Reset the console administrator password