Highlighted
Contributor
Contributor

SSO password

Hi Folks,

We have 4 vCenters in different locations and out of one we are getting administrator SSO password expiring soon, since I have given in the command line password never expire parameter still I'm observing same issue. Can someone help here please.

Thanks.

0 Kudos
13 Replies
Highlighted
User Moderator
User Moderator

How does this look like in the GUI?

André

0 Kudos
Highlighted
Contributor
Contributor

Hi Andre;

Still says expiring in some days.

I have stopped and started all the services and all.

Thanks.

0 Kudos
Highlighted
User Moderator
User Moderator

Sorry for the previous short reply.

What I was thinking of are the settings (e.g. Password Policy, ...)

André

0 Kudos
Highlighted
Contributor
Contributor

Max lifetime set to 90 days, and it has the same settings across all our vCenters. Only one vCenter has this issue..

Maximum lifetimePassword must be changed every 90 days
0 Kudos
Highlighted
User Moderator
User Moderator

Hmm, to ensure I understand this correctly.

  • You are logged on as administrator@vsphere local?
  • What's the exact message for "SSO password expiring soon" (maby a screen sho will help)?
  • Which command did you use to set the password to never expire?
  • Which vCenter version/build do you use?
  • Has the expiration setting been modified in "/etc/vmware/vsphere-ui/webclient.properties"?

André

0 Kudos
Highlighted
Contributor
Contributor

1. Yes, logged in with admin account.

2. Password expiring in 29 days.

pastedImage_0.png

3. ./dir-cli user modify --account xyz --password-never-expires

4. vCenter

5. No..

Thanks.

0 Kudos
Highlighted
Virtuoso
Virtuoso

Aehh.... .why you dont specify 0 == no password expire within the GUI?

Regards,
Joerg

0 Kudos
Highlighted
User Moderator
User Moderator

... and the account is a local account, i.e. not an AD/domain account?

André

0 Kudos
Highlighted
Contributor
Contributor

It is a local accout, administrator@vsphere.local one..

0 Kudos
Highlighted
User Moderator
User Moderator

What does the

dir-cli user find-by-name  --account administrator --level 2

return regarding password expiration?

Is it the same with "administrator@vsphere.local" as the account name?


André

0 Kudos
Highlighted
Contributor
Contributor

It looks like this:

Account: administrator

UPN: Administrator@vsphere.local

Account disabled: FALSE

Account locked: FALSE

Password never expires: TRUE

Password expired: FALSE

Password expiry: N/A

0 Kudos
Highlighted
User Moderator
User Moderator

In this case it looks like a possible bug to me. Not sure though what's different on the other vCenter Server systems!?

Anyway, is this the only local user account that you are using? In this case you may consider changing the password policy, so that passwords don't expire.

André

0 Kudos
Highlighted
Contributor
Contributor

We have same settings, same vCenter version and build across the vCenters. I have another local sso account for myself but that was created recently. I'll change the password policy then. Thanks much!!

0 Kudos