Monday, August 30, 2010

Root password never expires

If your company requires strong password controls and you want the root account password to have an expiration date, you can accomplish this with the chage command.

chage -M X root

where X is the number of days until expiration.

Alternatively, implement a more complex password policy with PAM.

But you might notice that after a reboot the root account reverts to a state where the password never expires.

This happens because the root password expiration information was not preserved across hostd restarts. A new tag called rootPasswdExpiration was added to the /etc/vmware/hostd/config.xml file starting with VMware ESX 3.5, Patch ESX350-200810201-UG.
If this rootPasswdExpiration tag is set to True, the number of days until expiration is preserved across hostd restarts.

After setting the rootPasswdExpiration tag to True in the /etc/vmware/hostd/config.xml file, run the chage command again.

There it goes
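To confirm that both halves of the fix are in place (an expiry set with chage and the hostd tag that preserves it), here is an audit script added as an example; it is not from the original post. It assumes the tag is written as an element whose text value is true, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit of root password expiry on an ESX service console.
# Assumption: the tag appears as <rootPasswdExpiration>true</rootPasswdExpiration>.
# Usage (as root): audit_root_expiry [config.xml] [shadow file]

# Return 0 if the hostd config has rootPasswdExpiration set to true.
# Whitespace is stripped and XML comments are removed first, so a
# commented-out tag does not count as enabled.
hostd_preserves_expiry() {
    cfg=$1
    [ -r "$cfg" ] || return 2
    tr -d ' \t\r\n' < "$cfg" |
        awk '{ while ((i = index($0, "<!--")) && (j = index(substr($0, i), "-->")))
                   $0 = substr($0, 1, i - 1) substr($0, i + j + 2)
               print }' |
        grep -qi '<rootPasswdExpiration>true</rootPasswdExpiration>'
}

# Print root's maximum password age (field 5 of a shadow-format file),
# or "never" when the field is empty, negative or 99999.
root_max_days() {
    shadow=$1
    [ -r "$shadow" ] || return 2
    awk -F: '$1 == "root" {
        found = 1
        if ($5 == "" || $5 + 0 < 0 || $5 + 0 >= 99999) print "never"
        else print $5
    }
    END { if (!found) exit 1 }' "$shadow"
}

# Combine both checks into a single verdict line.
audit_root_expiry() {
    cfg=${1:-/etc/vmware/hostd/config.xml}
    shadow=${2:-/etc/shadow}
    max=$(root_max_days "$shadow") || { echo "ERROR: cannot read root entry"; return 2; }
    if [ "$max" = "never" ]; then
        echo "FAIL: root password never expires"
        return 1
    fi
    if hostd_preserves_expiry "$cfg"; then
        echo "OK: root expires after $max days and the setting is preserved"
    else
        echo "WARN: root expires after $max days but resets when hostd restarts"
        return 1
    fi
}
```

Running the audit again after a reboot shows whether the expiry survived the hostd restart.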


Who am I

I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Senior Consultant, helping customers to embrace the Cloud Era and make them successful on this journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represent VMware's position, strategies or opinions.
