Have you tried to set up or change a root's password for an ESXi host and got the following error message:
Weak password: not enough different characters
or classes for this length.
passwd: Authentication token manipulation error
passwd: Authentication token manipulation error
For
security reasons, VMware ESXi, enforces some password requirements. Learning how it works can avoid issues like
the above one.
The
password length requirement will depend on the number of classes used to
compose it.
The classes
available are:
- lowercase
letters;
- uppercase
letters;
- numbers;
- special
characters;
With than
in middle, you can come up with a password like that:
If it
contains just one or two character classes it must be at least 8 characters
long;
If it
contains three character classes it must be at least 7 characters long;
If it
contains all four character classes it must be at least 6 characters long;
One thing
to notice is, if the password starts with an uppercase letter or ends with a
number, those characters does not count toward the numbers of valid characters.
Even though
you might think these requirements are too restrictive (or may be not restrictive
enough), you can change pam.d module to setup the requirements to meet your
company’s policy, check KB1012033 to learn how to accomplish it.
Caution:
reducing the password's complexity inadvertedly might reduce the security of
ESXi.