Today user may set/change the guest console password and also its expiration time through Kimchi API. When passing an empty password, a random password is automatically generated. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": ""}}' That way is difficult to handle when user wants to reset the guest password. We have a similar issue when we automatically change the passwdValidTo when it is expired - increasing it in 30 seconds. My proposal is simple: only change "passwd" and "passwdValidTo" when user wants to do it. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwd": "123456", "passwdValidTo": "<some datetime format>"}}' curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"passwdValidTo": "<some datetime format>"}}' And make sure the passwdValidTo is only acceptable when there is a passwd set. And to reset those values, we only need to send an empty string: curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah -X PUT -d'{"graphics": {"password": "", "passwdValidTo": ""}}' And create a new API: POST /vms/blah/ticket to automatically generate a random password valid only for 30 seconds. curl -u <user:password> -H "Content-Type: application/json" -H "Accept: application/json" http://localhost:8010/vms/blah/ticket -X POST -d'{}' What do you think about it? Regards, Aline Manera