3 Replies Latest reply on Apr 8, 2020 8:58 PM by sri_vmware

    Root account locked permanently after 4 failed attempts - not sustainable.

    mwolfe412 Lurker

      Per my own testing and posts in this forum, the root account becomes locked after 4 failed attempts.


      If I understand correctly, the way to recover the account is to first reset the password via the process in KB52652.  Then, the account must be unlocked manually with this command, per this post:

      /sbin/pam_tally2 -r -u root


      We have automatic security scanning systems in place which periodically test common passwords against all of our systems, to ensure that nothing is using a weak or default password.


      This effectively means that we have to use this onerous password reset process every time that we want to login to the root account, since it'll have been automatically locked out.


      This does not happen with ESXi, vCenter, vROPs, LogInsight, etc. appliances.  Either the account does not get locked out, or is automatically unlocked after some time interval.


      Please update the Skyline appliance to match the behavior of VMware's other appliances, or let me know if I'm missing something.