Translate in Your language

Thursday, 9 June 2016

VMware ESXi 6.X password policy

ESXi Password:

With VMware ESXi 6, password policy require to use more complex passwords.  ESXi enforces password requirements for direct access from the DCUI, ESXi Shell, SSH, or the vSphere web Client. 

In previous versions of ESXi, password complexity changes had to be made by editing the /etc/pam.d/passwd file on each ESXi host. 

In vSphere 6.0 now this can be done by adding an entry in Host Advanced System Settings, enabling centrally managed setting changes for all hosts in a cluster.

When we create a password, we need to include a mix of characters from four character classes: lowercase letters, uppercase letters, numbers, and special characters such as underscore.

The password policy in ESXi 6 has following requirements:
  • Passwords must contain characters from at least three character classes.
  • Passwords containing characters from three character classes must be at least seven characters long.
  • Passwords containing characters from all four character classes must be at least seven characters long.
  • An uppercase character that begins a password does not count toward the number of character classes used. 
  • A number that ends a password does not count toward the number of character classes used.
  • The password cannot contain a dictionary word or part of a dictionary word.  
We can change the default required length and character class requirement or allow pass phrases using the Security.PasswordQualityControl advanced option.

The default configuration ESXi 6 is 

"ESXi 6: retry=3 min=disabled,disabled,disabled,7,7" 

whereas in ESXi 5.5 it was  

"ESXi 5: retry=3 min=8,8,8,7,6"

It means that passwords with one or two character classes and pass phases are not allowed, as indicated by the first three disabled items. 

Passwords from three and four character classes require seven characters.

ESXi Pass Phrase:

We can also use a pass phrase for ESXi host instead of passwords, however, pass phrases are disabled by default. 

We can change this default settings, by using the Security.PasswordQualityControl advanced option for your ESXi host from the vSphere Web Client

A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough different characters.

1 comment:

  1. is there a limitation of which special characters can be used?



Popular Posts This Week