It clearly can be possible though, hence this post?

The root password was blank initially, which I thought it wouldn't allow, but did. If I try and change it, I get it moaning about complexity, yet it didn't on the others.

I have tried to remove the complexity from the host using both the PAM file and also the advanced settings option, makes no difference, doesn't even seem to acknowledge anything has changed and still wont let me set the password to the lesser, but used everywhere password.

The same problem occurs no matter how I access it, both from DCUI and also the web client console of the host. Funny thing is, I believe this is the expected behaviour and its doing what its meant to be doing. But doesn't explain why the other one let me set it as I wanted it.

First thing id tried, didn't make any difference, maybe I done it wrong, but cant really see how. Even tried the "new" way in 6.5 and used the advanced settings options as that way sort of replaces the need to edit this file manually, still doesn't work. Bloody annoying

Ah, okay, so you didn't put your final password at the beggining when you install ESXi.

Did you make changes in the pam file and it doesn't work? Did you reboot the ESXi host after applying it?

Also, be aware that not all combinations work, check out more information: ESXi Passwords and Account Lockout

The password complexity rules are only enforced when you *change* the password. The new password will then be checked against the rules.

If a less complex password is already set when you change the rules then it will continue to work, because the password itself is never stored on the system (only a hash value) and thus cannot be checked once it was set.

May this explain the behavior that you are seeing?