Disable root password expiry on vCenter
Home > VMWare platform > VMWare vCenter > Disable root password expiry on vCenter
To disable password expiry on vCenter Very important for VxRail / vCF automated environments use:
- Login into vCenter via SSH and get access to bash shell by typing 'shell' in appliancesh prompt.
- OR we can open vCenter VM console via vCenter / ESXi host and login with root username and password
- Change existing password (if required) via:
- passwd
- If vCenter remembers last 5 passwords and forces you to set new password, you can change password 4-5 times so that finally we can set old password again.
- Disable aging of root password via:
- chage -M 9999 root
- chage -l root
- If login is not working try to reset failed login count via:
- pam_tally2 -u root -r
We can also disable password expiry via options in https://<ip-or-fqdn>:5480/ appliance management interface. But this should be done before password expiry. After password is expired we may only have option of using console to reset password.
Disable other vsphere.local user password expiry
By default not only root but any other local users that we create in vCenter for administration purposes (Eg for integrating with backup tools), have a default password expiry of 90 days. Due to this except administrator@vsphere.local all other local user in SSO domain also face password expiry. To disable this use:
- Login into vCenter Web UI
- Go to Home -> Administration. Then go to Single Sign On -> Configuration.
- Click the Local Accounts tab.
- Click Edit for the Password Policy row.
- Change the maximum lifetime to 9999 or 0 to effectively disable the password expiry for other @vsphere.local users.
Refer:
Home > VMWare platform > VMWare vCenter > Disable root password expiry on vCenter