VCSA and ESXi password security

John Borhek Linux, Operating Systems, SUSE, VCSA, VMware, VMware ESXi, VMware vCenter October 11, 2017

I recently went looking for information on password security for the VCSA 6.0 & 6.5 and ESXi 6.0 & 6.5. Most specifically, I was interest in the number of passwords remembered, so I could define that in documentation for a client.

Try as I might, I couldn’t find documentation for VCSA number of passwords remembered or how to configure it anywhere!

There’s no real difference between ESXi 6.0 and 6.5, but there is a big difference between VCSA 6.0 and 6.5, here it is:

The number of passwords remembered for VCSA 6 is five

VCSA 6.0 remembers 5 passwords by default. The file you are looking for to define the number of passwords remembered is: /etc/pam.d/common-passwd

The number of passwords remembered for VCSA 6.5 is zero

Apparently, VMware has gotten on-board with new Digital Identity Guidelines by the NIST, as the number of passwords remembered for VCSA 6.5 is 0. The file determining such things in VCSA 6.5 is: /etc/pam.d/passwd

The number of passwords remembered for ESXi 6.5 is zero

The file determining such things in ESXi 6.0 and 6.5 is: /etc/pam.d/passwd.

Tags: ESXi, pam.d, password, security, VCSA

About: John Borhek

John Borhek is the CEO and Lead Solutions Architect at VMsources Group Inc. John has soup-to-nuts experience in Mission Critical Infrastructure, specializing in hyper-convergence and Cloud Computing, engaging with organizations all over the United States and throughout the Americas.

2 thoughts on “VCSA and ESXi password security”

Max Lyth says:

February 3, 2021 at 5:31 pm

On ESXi 7.0 the location of the password history count has moved to:
/etc/pam.d/system-password

Reply
1. John Borhek says:
  
  February 25, 2021 at 4:37 pm
  
  Thanks and very true. Thanks for the input!
  
  Reply