Friday, December 11, 2009

How to disable the complex password option on vSphere ESX 4.0 and 4.1

To disable the complex password option on ESX 4.0, edit the file /etc/pam.d/system-auth-generic
and replace the following line:
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 similar=deny match=0
With this one:
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 enforce=none

It is not necessary to restart any services for this change to take effect.

I've found this info at: http://communities.vmware.com/thread/235711
Update
On vSphere 4.1, this change must be made in the /etc/pam.d/system-auth file.
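
To check whether a host has had this setting relaxed, the following audit function is an added example, not part of the original post or any VMware tooling. The function name, verdict strings and return codes are this example's own conventions, and the sample files are constructed from the two lines quoted above.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a PAM file
# still enforces pam_passwdqc password quality checks.
# Verdicts printed: ENFORCING, DISABLED, MISSING, UNREADABLE.
# Return codes 0/1/2/3 follow that order; both are this example's convention.

audit_passwdqc() {
    file=$1
    [ -r "$file" ] || { echo UNREADABLE; return 3; }
    # Active (uncommented) "password" lines that load pam_passwdqc.so.
    lines=$(grep -E '^[[:space:]]*password[[:space:]].*pam_passwdqc\.so' "$file" || true)
    [ -n "$lines" ] || { echo MISSING; return 2; }
    # enforce=none makes the module warn only; weak passwords are accepted.
    if printf '%s\n' "$lines" | grep -Eq '[[:space:]]enforce=none([[:space:]]|$)'; then
        echo DISABLED; return 1
    fi
    echo ENFORCING; return 0
}

# Constructed sample files built from the two lines quoted in the post.
demo_dir=$(mktemp -d)
cat > "$demo_dir/strict" <<'EOF'
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 similar=deny match=0
EOF
cat > "$demo_dir/relaxed" <<'EOF'
# password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 similar=deny match=0
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 enforce=none
EOF
cat > "$demo_dir/nomodule" <<'EOF'
auth required /lib/security/$ISA/pam_deny.so
EOF

# "absent" is deliberately not created, to show the UNREADABLE verdict.
for f in strict relaxed nomodule absent; do
    printf '%s: %s\n' "$f" "$(audit_passwdqc "$demo_dir/$f")"
done
```

On a real host, pass the file named in the post for that version: /etc/pam.d/system-auth-generic on ESX 4.0 or /etc/pam.d/system-auth on 4.1.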

2 comments:

  1. 5.1 ESXi
    -----------

    #%PAM-1.0

    # This stack is run by pam_per_user for specific users as defined in
    # /etc/security/login.map

    auth sufficient /lib/security/$ISA/pam_unix.so try_first_pass likeauth nullok
    auth required /lib/security/$ISA/pam_deny.so

    account sufficient /lib/security/$ISA/pam_unix.so
    account required /lib/security/$ISA/pam_deny.so

    session sufficient /lib/security/$ISA/pam_unix.so
    session required /lib/security/$ISA/pam_deny.so

  2. Welcome, thanks for your input.
