
2 Replies Last post: Jun 30, 2009 5:47 AM by Texiwill

ESX v3.5 and LDAP ??

Jun 18, 2009 10:26 AM

btrcmptr (Novice, 23 posts since Aug 30, 2006)

Howdy,

ESX v3.5 can use LDAP for authentication - so far so good. I have a requirement to maintain "password minimum difference = 3". Does ESX server have this setting?

Thank you in advance,

Bill Burke

Re: ESX v3.5 and LDAP ?? Jun 18, 2009 11:37 AM
AndreTheGiant (Guru, 5,621 posts since Aug 28, 2008)
I do not know if this control exists in the pam_ldap version with ESX 3.5.

But you can apply this control on your LDAP server.
During password change, the backend will reject the password.

Andre
Re: ESX v3.5 and LDAP ?? Jun 30, 2009 5:47 AM
in response to: AndreTheGiant
Texiwill (Guru, Moderator, 10,056 posts since Jan 13, 2004)
Hello,

Moved to the Security forum.

You need to use different controls within your LDAP server. However, you can use pam_tally.so and pam_cracklib.so to improve your local security for passwords.

One option is:

esxcfg-auth --usecrack=3 14 2 2 2 2


First entry is '3' retries for a password attempt.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, Virtualization Practice Analyst
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing the Virtual Environment'
Also available 'VMWare ESX Server in the Enterprise'
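An added example, not part of the thread and not VMware's code: a shell check that reads a PAM password stack on stdin and reports whether pam_cracklib.so, the module named in the last reply, has `difok` (its option for the minimum number of characters that must differ from the old password) set to at least the required value. The sample config, the function names and the mapping of the question's "password minimum difference" to `difok` are assumptions; on a real host, feed it the actual PAM file instead of the sample.

```shell
#!/bin/sh
# Added example: audit pam_cracklib's difok setting in a PAM password stack.

# Constructed sample config (not copied from an ESX host). $1 is an optional
# extra pam_cracklib option so that different outcomes can be shown.
sample_pam() {
  cat <<EOF
#%PAM-1.0
# password required pam_cracklib.so difok=8
password   required     pam_cracklib.so retry=3 minlen=14 $1
password   sufficient   pam_unix.so use_authtok md5 shadow
EOF
}

# Print the options of the first active (uncommented) pam_cracklib line in the
# password stack, one per line. Exit status 1 if the module is not present.
cracklib_opts() {
  awk '
    /^[[:space:]]*#/ { next }
    $1 == "password" {
      for (i = 2; i <= NF; i++)
        if ($i ~ /pam_cracklib\.so$/) {
          found = 1
          for (j = i + 1; j <= NF; j++) print $j
          exit
        }
    }
    END { exit !found }'
}

# check_difok REQUIRED < pam-file
# Returns 0 = difok set and sufficient, 1 = set too low,
#         2 = not set (module default applies), 3 = pam_cracklib missing.
check_difok() {
  required="$1"
  opts=$(cracklib_opts) || { echo "FAIL: pam_cracklib not in password stack"; return 3; }
  difok=$(printf '%s\n' "$opts" | sed -n 's/^difok=\([0-9][0-9]*\)$/\1/p' | head -n 1)
  if [ -z "$difok" ]; then
    echo "WARN: difok not set explicitly; module default applies"; return 2
  fi
  if [ "$difok" -ge "$required" ]; then
    echo "OK: difok=$difok (required >= $required)"; return 0
  fi
  echo "FAIL: difok=$difok is below required $required"; return 1
}

sample_pam ""        | check_difok 3 || true
sample_pam "difok=3" | check_difok 3 || true
```

This only covers password changes that pass through the local PAM stack; as both replies say, a policy for LDAP-held passwords has to be enforced on the LDAP server.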