Is anyone using public key certificates to log in interactive on the box? Most security policies recommend this over password authentication.
Are there any issues with only allowing public key authentication?
If you use ldap, use esxcfg-auth to set it up as it will properly configure the pam files. LDAP should work quite well.
Since VMware Server depends upon the OS on which it is installed, you would use that hosts authentication methods. Windows has its tools. Linux has its tools as well. The 'commands' for Linux depend on the flavor used. But yes there are similar tools available.