I have a lot of ESXi servers running in my lab and prefer to have a very simple password. This password could be “vmware”. A six letter word all in lower case. Not the most secure password, but in my lab environment it is not a worry.
The password complexity is defined in the file: “/etc/pam.d/system-auth” you need to look at line 12: “password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6″ This is actually what defines the password complexity. The way to interpret “8,8,8,7,6” is the following: The first 8 is how long the password has to be if we only use a single character set (lower case, upper case, digtigts, other characters.). The second 8 is if we use two character classes The third is for password phrases and the last two is for 3 and 4 character classes password.
I want to use the password “vmware” a single character word with a length of 6. To accomplish this we change line 10 to one of the following:
- password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=6,6,6,6,6
- password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6 enforce=none
The change will take affect immediately. No need to restart any services. Now go ahead and change your password with the “passwd” command.
The only thing you have to worry about is that the system-auth is not persistent through reboots. Your password is persistent but the file is not. To make sure the system-auth file is backed up you need to:
chmod +t /etc/pam.d/system-auth
Leave a Reply