Hello,
After upgrade from vcsa 6.7 to 7.0, there now seems to be an enforce on password requirements for local vcsa (root) account.
See attached screenshot from https://vcsa.fqdn:5480/
These settings comes from /etc/pam.d/system-password
Output from VCSA 7.0
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root
password required pam_pwhistory.so debug use_authtok enforce_for_root remember=5
password required pam_unix.so sha512 use_authtok shadow try_first_pass
# End /etc/pam.d/system-password
And as a comparison from VCSA 6.7
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password requisite pam_cracklib.so
password required pam_unix.so sha512 shadow try_first_pass
# End /etc/pam.d/system-password
Im unable to find a supported way of modifying this password policy - Im unable to edit the settings in the VCSA:5480 webgui, and im
afraid that modifying the pam.d file directly will probably get overwritten in update/patches.
What would be an appropiate way to go about this?