VMware Cloud Community
cendioMartin
Contributor
Contributor

VCSA 7.0 password requirements for local root account

Hello,

After upgrade from vcsa 6.7 to 7.0, there now seems to be an enforce on password requirements for local vcsa (root) account.

See attached screenshot from https://vcsa.fqdn:5480/

vcsa_pw_req.png

These settings comes from /etc/pam.d/system-password

Output from VCSA 7.0

# Begin /etc/pam.d/system-password

# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root
password required pam_pwhistory.so debug use_authtok enforce_for_root remember=5
password required pam_unix.so sha512 use_authtok shadow try_first_pass
# End /etc/pam.d/system-password

And as a comparison from VCSA 6.7

# Begin /etc/pam.d/system-password

# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password requisite pam_cracklib.so
password required pam_unix.so sha512 shadow try_first_pass

# End /etc/pam.d/system-password

 

Im unable to find a supported way of modifying this password policy - Im unable to edit the settings in the VCSA:5480 webgui, and im

afraid that modifying the pam.d file directly will probably get overwritten in update/patches.

What would be an appropiate way to go about this?

Reply
0 Kudos
0 Replies