woensdag, april 18, 2007

VMware: PAM Password Aging in ESX 3.0.1

As you know, the service console for ESX 3.0 is a modified version of Red Hat Enterprise Linux 3 Update 6.0. By default, a password aging & complexity policy is active. Password aging policies are set:

  • Maximum days = 90 days by default
  • Minimum days = 0 days (you can change your password whenever you want)
  • Warning time defaults to 7

Normally, the root and vpxuser have no password aging by default (value is –1).

You can disable the password aging policy as follows:

  • For all newly created users (disable globally):
    esxcfg-auth --passmaxdays=0 (or –1)
  • For existing users:
    chage -M -1 (or 0) <username>