The check is actually done in the actual execution of vifpinit at: /opt/vmware/vima/bin/vifpinit and I would highly recommend NOT modifying the logic since vi-admin account is used to manage ESX(i) and vCenter systems. You should only be handing out access to VI Admins and in the case of vMA, only vi-admin account should be used.
I agree that using just one account for multiple individuals is hard to track down, but that's where the use of 'sudo' should be used, that way you have everything logged in syslog. You can create individual accounts and then allow only these user's to sudo over to 'vi-admin' to perform operations against your hosts.
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".
I agree, but afaik, that is how vMA is currently setup. Again, you can create individual accounts and sudo over to vi-admin. If you're really interested in remediating the issue you're facing, I suggest contacting VMware support. Again, the check is done within vifpinit script which is just a shell script but I don't know if it breaks other things if you try to override it, I'm sure its possible but you'll need to get VMware involved. I know one thing on their to do list for vMA is to eventually get AD integration and hopefully (UNIX LDAP/etc) so you don't rely on this single account.
I'm just letting you know what I've seen so far and totally agree we should not use just one account since it's hard to audit on exactly who did what. Hope that helps
=========================================================================
William Lam
VMware vExpert 2009
VMware ESX/ESXi scripts and resources at:
VMware Code Central - Scripts/Sample code for Developers and Administrators
If you find this information useful, please award points for "correct" or "helpful".