The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,418 other followers

Disable ESXi Password Complexity – Perfect Cloud

Posted by jpluimers on 2021/03/29

Sometimes you have a long enough password, that matches with the confirmation, but pressing “Enter” to continue gives “Password does not have enough character types”:

From [WayBack] Disable ESXi Password Complexity – Perfect Cloud:

A part of my job as a VMware Certified Instructor is to update our lab systems whenever new vSphere versions come out.   After upgrading from 5.5 to 6.0 I decided we should change passwords, h…

This is the workflow:

  1. Make a backup of /etc/pam.d/passwd.
  2. Use vi to edit /etc/pam.d/passwd, and:
    1. Put a # in front of the lines starting with password requisite
    2. Remove the use_authtok bit of the line starting with password sufficient
    3. Put a # in front of the line starting with password required
    4. Quit vi while saving (press Esc, then enter :wq on the prompt)
  3. Change the password to a less secure one
  4. Restore the original /etc/pam.d/passwd.

Via: esxi 6 force short password – Google Search

Working around this on during ESXi installation fails

I tried this:

  1. Press Alt-F1 to go from the installation screen to the console screen
  2. Logon as root, with no password at all to get to the command-prompt:

  3. Perform the /etc/pam.d/passwd editing steps above
  4. Press Alt-F2 to go back to the install screen
  5. Enter root password

The password requirements stayed.

(more screenshots at [WayBack] ESXi 6.7 installation Guide – Let We-i Go)

Related

On my ESXI 6.5 system where the italic bit is removed, besides the two lines being commented out:

  1. original /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
    password   required     /lib/security/$ISA/pam_deny.so
    
  2. modified /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    #password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok shadow sha512
    #password   required     /lib/security/$ISA/pam_deny.so
    

On my ESXI 6.7 system (which adds the bold lines below):

  1. original /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    
    # Change only through host advanced option "Security.PasswordHistory"
    password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
    
    password   sufficient   /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512
    password   required     /lib/security/$ISA/pam_deny.so
    
  2. modified /etc/pam.d/passwd:
    #%PAM-1.0
    
    # Change only through host advanced option "Security.PasswordQualityControl".
    #password   requisite    /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,7,7
    
    # Change only through host advanced option "Security.PasswordHistory"
    #password   requisite    /lib/security/$ISA/pam_pwhistory.so use_authtok enforce_for_root retry=2 remember=0
    
    password   sufficient   /lib/security/$ISA/pam_unix.so nullok shadow sha512
    #password   required     /lib/security/$ISA/pam_deny.so
    

–jeroen

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

 
%d bloggers like this: