9 Replies Latest reply on Oct 1, 2019 2:39 AM by Sanjuro

    Password expires in X days notification

    aaroncatt9 Lurker

      Hi guys,

       

      How do you change the amount of days in which the vSphere web client (6.0 U2) prompts you that a password will expire in X amount of days?

       

      Many thanks

      Aaron

        • 1. Re: Password expires in X days notification
          Nithy07cs055 Hot Shot

          Hello aaroncatt9

           

          By default, vCenter Single Sign-On passwords expire after 90 days. The vSphere Web Client reminds you when your password is about to expire, but there is no specific date on which it will prompt , it will just throw an warning

           

          You can change this Password policy using the below link and set your custom days .

           

          https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B9C4409A-B053-40C3-96DE-232BB99AAA35.html

           

          More information

           

          Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the

          vSphere Web Client. Users in other domains change their passwords following the rules for that domain.

          You can change a vCenter Single Sign-On password from the vSphere Web Client.

           

          The vCenter Single Sign-On lockout policy determines when your password expires. By default, vCenter

          Single Sign-On user passwords expire after 90 days, but administrator passwords such as the password for

          administrator@vsphere.local do not expire. vCenter Single Sign-On management interfaces show a warning

          when your password is about to expire.

          This procedure explains how you can change a password. If your password is expired, the administrator of

          the local domain (vsphere.local by default) or another member of the Administrators group for the local

          domain can reset the password by using the dir-cli password reset command.

           

          Procedure to rest the Password incase if it expires

           

          1 Log in to the vSphere Web Client using your vCenter Single Sign-On credentials.

          2 In the upper navigation pane, to the left of the Help menu, click your user name to pull down the menu.

          As an alternative, you can select Administration > Single Sign-On > Users and Groups and select Edit

          User from the rightȬbuĴon menu.

          3 Select Change Password and type your current password.

          4 Type a new password and confirm it.

          The password must conform to the password policy.

          5 Click OK.

           

          Let me know if you need more information on this , i can help you.

          • 2. Re: Password expires in X days notification
            Jaxsonville Lurker

            Is there a way to disable or modify when this alert banner pops up? The reason I ask is we are using our AD credentials to login. when those credentials are 30 days from expiring we start getting this banner which is quite annoying. It would be nice to change this to 7 days or something like that.

            • 3. Re: Password expires in X days notification
              RParker Guru

              Advanced vCenter settings

               

              VirtualCenter.VimPasswordExpirationI... (VIM Password Expiration).  Do a filter search on 'password' to find it.

               

              Change this value to 3 or something so you won't be reminded it defaults to 30 days, this should fix it.

               

              Yes I know this post is old.. but I searched for this myself.. and I finally found the solution (I think) because it was annoying me.. since I recently upgraded to vCenter 6.5

              • 4. Re: Password expires in X days notification
                brunofernandez1 Expert

                this doesn't work for me! VCSA 6.5 Build 5973321

                • 5. Re: Password expires in X days notification
                  robwesterby Lurker

                  KB 1016736 says the VimPasswordExpirationInDays setting controls how often the vpxuser account password gets rotated, so it would seem it doesn't affect the 'password expires' message.

                   

                  Setting it to 3 days is probably not a good idea...

                   

                  How to modify the default expiry time for the vpxuser account (1016736) | VMware KB

                  • 6. Re: Password expires in X days notification
                    RParker Guru

                    OK that's true, I thought at first it was working but I see now it's not.

                     

                    I still want to know HOW to disable the message.  It's a domain policy, fine.  But WHY is VMWare reporting it every time I login to vCenter, it's quite annoying.  Probably can't turn it off per-se this is VMware attempt at full transparency because they ASSUME that since they are tied to Active Directory we want to SEE ALL AD messages pertaining to login, but that is false and it should still be preference.

                     

                    I login in Windows RDP all day long and none of them complain my password will expire in 30 days, 29 days, 28 days.. they are members of domain, I get a warning at 10 days (which is what I expect) not 30 days out!

                    • 7. Re: Password expires in X days notification
                      RParker Guru

                      You can change this Password policy using the below link and set your custom days .

                       

                      https://pubs.vmware.com/vsphere-60/index.jsp?topic=%2Fcom.vmware.vsphere.security.doc%2FGUID-B9C4409A-B053-40C3-96DE-232BB99AAA35.html

                       

                      More information

                       

                      Users in the vsphere.local domain can change their vCenter Single Sign-On passwords from the

                      vSphere Web Client. Users in other domains change their passwords following the rule

                      I see NO custom days, only ability to change Max Lifetime (which is basically only how many days you are REQUIRED to change) not warning.

                       

                      We want to know how to turn WARNING or notifications off, not change Max Days setting.  There doesn't appear to be any way.... but your post is misleading, there is still no solution.

                      • 8. Re: Password expires in X days notification
                        gbudziak Novice
                        VMware Employees

                        This is configurable as part of the vSphere Web (Flex) / H5 (HTML) Client configuration

                         

                        Web Client - /etc/vmware/vsphere-client/webclient.properties

                        H5 Client - /etc/vmware/vsphere-ui/webclient.properties

                         

                        The default is 30 days

                         

                        # The number of days before the notification about expiring password appears.

                        sso.pending.password.expiration.notification.days = 30

                         

                        You'll probably need to restart the service for the change to take affect

                        4 people found this helpful
                        • 9. Re: Password expires in X days notification
                          Sanjuro Novice

                          in /etc/vmware/vsphere-ui/webclient.properties set the sso.pending.password.expiration.notification.days = -1