Monday, August 30, 2010

Root password never expires

If your company requires strong password controls and you want the root account's password to expire, you can set an expiration with the chage command.

chage -M X root

Where X is the number of days until expiration.

Or implement a more complex password policy with PAM.

But you might notice that after a reboot the root account reverts to a password that never expires.

This happens because the root password expiration information is not preserved across hostd restarts. A new tag called rootPasswdExpiration was added to the /etc/vmware/hostd/config.xml file as of VMware ESX 3.5, Patch ESX350-200810201-UG.
If this rootPasswdExpiration tag is set to True, then the number of days to expiration will be preserved across hostd restarts.

After setting the rootPasswdExpiration tag in the /etc/vmware/hostd/config.xml file as True, run the chage command again.

There it goes
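To confirm both halves of the fix on a host, the following audit script is an added example, not code from the original post or from VMware. It reads the maximum password age that chage -M writes to field 5 of /etc/shadow and checks config.xml for the tag; the element form `<rootPasswdExpiration>true</rootPasswdExpiration>` and the function names are assumptions, since the post names the tag but does not show its XML.

```shell
#!/bin/sh
# Added example: audit root password ageing on an ESX service console.
# ASSUMPTION: the tag is written as
#   <rootPasswdExpiration>true</rootPasswdExpiration>
# The post names the tag and the file but does not show the exact XML.

# Return 0 if the tag is present and set to true (any case, any whitespace).
# This is a text match, not an XML parse, so it does not skip XML comments.
tag_enabled() {
    tr -d ' \t\r\n' < "$1" |
        grep -qi '<rootPasswdExpiration>true</rootPasswdExpiration>'
}

# Print the maximum password age for root (field 5 of a shadow file),
# which is the value "chage -M X root" sets.
root_max_days() {
    awk -F: '$1 == "root" { print $5 }' "$1"
}

# audit_root_expiry SHADOW_FILE HOSTD_CONFIG
# Returns 0 = expiry set and preserved across hostd restarts
#         1 = root password never expires
#         2 = expiry set, but it will be lost when hostd restarts
audit_root_expiry() {
    max=$(root_max_days "$1")
    case "$max" in
        ''|99999|*[!0-9]*)
            echo "FAIL: root has no maximum password age"
            return 1 ;;
    esac
    if ! tag_enabled "$2"; then
        echo "WARN: max age is $max days, but rootPasswdExpiration is not true"
        return 2
    fi
    echo "OK: root password expires after $max days and the setting persists"
    return 0
}

# Check the live host only when asked (reading /etc/shadow needs root).
if [ "${1:-}" = "--live" ]; then
    audit_root_expiry /etc/shadow /etc/vmware/hostd/config.xml
fi
```

Return code 2 is the situation the post describes: chage has been run, but the tag is missing, so the value is lost at the next hostd restart.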


Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, with troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successful on their journey. Despite the fact I'm a VMware employee, these postings reflect my own opinion and do not represent VMware's position, strategies or opinions. Reach me at @dumeirell
