Link to home
Start Free TrialLog in
Avatar of asrvwiz
asrvwizFlag for United States of America

asked on

ESXi Password Settings

Where do I look to see what the password settings are in ESXi 4.1?  ie: minimum, maximum password complexity, number of retries.
Avatar of Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Flag of United Kingdom of Great Britain and Northern Ireland image

VMware ESXi/ESX 4.1 and ESXi 4.0 use the pam_passwdqc.so module to check for the password strength. By default, it uses these parameters:

pam_passwdqc.so retry=3 min=8,8,8,7,6

see this Article

http://kb.vmware.com/kb/1012033
Avatar of asrvwiz

ASKER

Thanks for the kb.  Can you provide a link to how to modify this file?  Hopefully something easy to understand with examples.
You will need to enable SSH access on ESXi to modify the file.

1) Download Free SSH Client - Putty tool from below if you don't have one.
http://www.putty.org/

2) Enable SSH access - Make sure you disable this after you modified the file.
On ESXi host -> Configuration -> Software -> Security Profile -> service -> Properties ->
SSH -> Option -> Start

3) Using Putty,  SSH to ESXi host using the root account

Follow these steps from the KB Article.

"4) Open the /etc/pam.d/system-auth file using a text editor. For example, to open the file using a vi editor, run this command:

vi /etc/pam.d/system-auth

Change this line:

password requisite /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6

Note: You are changing the min values to match the password policy you want to enforce. For additional information about this module and the different syntax, see the pam_passwdqc man page.

5) Save the changes and change the password.

Note: To ensure that changes to the file persist upon reboot, run this command before making edits to the /etc/pam.d/system-auth file:
 
chmod +t /etc/pam.d/system-auth

Hope above info helps."

Thanks,
SOLUTION
Avatar of Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of asrvwiz

ASKER

Thanks guys, I was a bit vague.  I know how to use putty and vi.  What I do not quite understand is what exactly min=8,8,8,7,6 is?  If I change the first 8 to a 9 what does it do, and so on?  That is what I wanted some examples on.
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of asrvwiz

ASKER

bluedan,

Is is possible to have passsword ageing?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of asrvwiz

ASKER

Thanks to you both.