As a part of our security policy, we are required to update ALL passwords every 60 days.  We are implementing mutual chap authentication with an HP P4000, and it is working.  Security is asking us why we can't update the passwords on a regular basis, and I am pushing back on that because it seems like a risky and time consuming endeavor.

Has anyone experienced this scenario and would they recommend an approach that updated the passwords, versus a policy that only configured the passwords one time?

I suppose you could script updating the configuration on the ESXi servers using vSphere CLI or PowerCLI, but would probably have to update the passwords on the P4000 manually.  If anyone has such a script, please share!

Thanks