VMware Cloud Community
Masi45673
Contributor
Contributor

SSO password

Hi Folks,

We have 4 vCenters in different locations and out of one we are getting administrator SSO password expiring soon, since I have given in the command line password never expire parameter still I'm observing same issue. Can someone help here please.

Thanks.

Reply
0 Kudos
13 Replies
a_p_
Leadership
Leadership

How does this look like in the GUI?

André

Reply
0 Kudos
Masi45673
Contributor
Contributor

Hi Andre;

Still says expiring in some days.

I have stopped and started all the services and all.

Thanks.

Reply
0 Kudos
a_p_
Leadership
Leadership

Sorry for the previous short reply.

What I was thinking of are the settings (e.g. Password Policy, ...)

André

Reply
0 Kudos
Masi45673
Contributor
Contributor

Max lifetime set to 90 days, and it has the same settings across all our vCenters. Only one vCenter has this issue..

Maximum lifetimePassword must be changed every 90 days
Reply
0 Kudos
a_p_
Leadership
Leadership

Hmm, to ensure I understand this correctly.

  • You are logged on as administrator@vsphere local?
  • What's the exact message for "SSO password expiring soon" (maby a screen sho will help)?
  • Which command did you use to set the password to never expire?
  • Which vCenter version/build do you use?
  • Has the expiration setting been modified in "/etc/vmware/vsphere-ui/webclient.properties"?

André

Reply
0 Kudos
Masi45673
Contributor
Contributor

1. Yes, logged in with admin account.

2. Password expiring in 29 days.

pastedImage_0.png

3. ./dir-cli user modify --account xyz --password-never-expires

4. vCenter

5. No..

Thanks.

Reply
0 Kudos
IRIX201110141
Champion
Champion

Aehh.... .why you dont specify 0 == no password expire within the GUI?

Regards,
Joerg

Reply
0 Kudos
a_p_
Leadership
Leadership

... and the account is a local account, i.e. not an AD/domain account?

André

Reply
0 Kudos
Masi45673
Contributor
Contributor

It is a local accout, administrator@vsphere.local one..

Reply
0 Kudos
a_p_
Leadership
Leadership

What does the

dir-cli user find-by-name  --account administrator --level 2

return regarding password expiration?

Is it the same with "administrator@vsphere.local" as the account name?


André

Reply
0 Kudos
Masi45673
Contributor
Contributor

It looks like this:

Account: administrator

UPN: Administrator@vsphere.local

Account disabled: FALSE

Account locked: FALSE

Password never expires: TRUE

Password expired: FALSE

Password expiry: N/A

Reply
0 Kudos
a_p_
Leadership
Leadership

In this case it looks like a possible bug to me. Not sure though what's different on the other vCenter Server systems!?

Anyway, is this the only local user account that you are using? In this case you may consider changing the password policy, so that passwords don't expire.

André

Reply
0 Kudos
Masi45673
Contributor
Contributor

We have same settings, same vCenter version and build across the vCenters. I have another local sso account for myself but that was created recently. I'll change the password policy then. Thanks much!!

Reply
0 Kudos