With earlier version to manage password policies we have to edit /etc/pam.d/passwd file,

But with the vsphere 6 , once we open the file we can see below output.

clip_image001

Its saying we have to use esx host advanced configuration for that.

clip_image002

According to vmware now ESX password should be mix of characters from four character classes

  • Upper Case
  • Lower Case
  • Numbers
  • Special ($%#@#…..)

If our password starts with Uppercase cahracter , that does not count for the character classes used. Also the password , which ends with Number, does not count of character classes used.

Example passwords

aB%cL; This is a password which consist three classes(U case, L Case, Special)

Abkl$1 This is a password which consist three classes(L Case, Special,Numbers)- Upper case will not be count as a class here

aBK%%1dds This is a password which have all four classes

This is the default password policy in esx

retry=3 min=disabled,disabled,disabled,7,7

According to that we can’t use

Only one character class

Only two character classes

Two character classes and

pass phases

But we can use 7 characters from three classes & 7 characters from four classes.

Reference

https://pubs.vmware.com/vsphere-65/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

Advertisements