Hi
Anyone who has a brilliant idea how to change /etc/pam.d/common-passwd file so password complexity, lenght and reuse options can be changed from PowerCLI or other management utils ?
/gekken
I don't beleive the file is exposed for changes through the API so you would have to use Tech Support Mode to change the file as described here - http://kb.vmware.com/kb/1012033. If you had a number of hosts to do, you could enable Remote TSM with PowerCLI, then use plink to edit the file and restart the management services, and then use PowerCLI to disable TSM.
Dave
VMware Communities User Moderator
Now available - vSphere Quick Start Guide
Do you have a system or PCI card working with VMDirectPath? Submit your specs to the Unofficial VMDirectPath HCL.
Hi Dave and thanks for the answer. We have approx 200 hosts and they are running on ESXi 4.0 U2 and we are not allowed to upgrade and as far as I know TSM is a 4.1 feature :-(.
I'm really hoping to get away wiht this without using the "unsupported" console option so if anyone has a solution it would be very appreciated.
/gekken
Provided the ESXi hosts are not in locked mode and provided the SSH service is started, you could use the pscp.exe command from the PuTTY suite to copy a modified system-auth (ESXi 4.1) or common-password (ESXi 4.0) file to the ESXi servers.
$User = <account> $Pswd = <password> $hostName = <hostname> $pscp = "<PuTTY-directory>\pscp.exe" $sourceFile = "C:\Temp\system-auth" $targetDir = "/etc/pam.d/" $pscpoptions = " -scp -pw $Pswd" $sourceFile = "C:\Temp\system-auth" $targetDir = "/etc/pam.d/" $pscpoptions = " -scp -pw $Pswd" $remoteCommand = '"' + $cmd1 + '"' $command = $pscp + " " + $pscpoptions + " " + $sourceFile + " " + $User + "@" + $hostName + ":" + $targetDir Invoke-Expression -command $command
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Just as a reminder, you can start the SSH service like this
Get-VMHostService -VMHost (Get-VMHost mmmstv051*) | where {$_.Key -eq "TSM-SSH"} | Start-VMHostService -Confirm:$false
Or you could even make it more intelligent like this
$sshSrv = Get-VMHostService -VMHost (Get-VMHost mmmstv051*) | where {$_.Key -eq "TSM-SSH"} if($sshSrv.Running -eq $false){ Start-VMHostService -HostService $sshSrv -Confirm:$false } # # Do other stuff, like copy the file # if($sshSrv.Running -eq $false){ Stop-VMHostService -HostService $sshSrv -Confirm:$false }
Where you restore the state of the service to what is was before.
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Hi and thaks for the replies..
Just to be sure, the "TSM-SSH" service is not availiable on 4.0 U2 ?
/gekken
True, you will have to edit the /etc/inetd.conf file to enable ssh.
See Duncan's post for the details.
And I'm afraid that file is not included in the firmware package that you can retrieve with the Set-VMHostFirmware cmdlet.
____________
Blog: LucD notes
Twitter: lucd22
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference