d46eaw
Last Updated: February 25, 2016
·
2.236K
· ozzy

VMWare vCSA Local User Password Expiration

Background

This tip applies to Linux in general, but is of particular interest in the case of vCSA as many distributions don't enable password expiration by default whereas the SuSE-based vCSA does.

Locally created user passwords on the vCenter Server Appliance version 5.1.0.1 expire after 90 days.

Setting Defaults

The expiration policy for newly created users is defined by the following lines the /etc/login.defs [0] file:

PASS_MAX_DAYS   90
PASS_MIN_DAYS   1
PASS_WARN_AGE   7

Switch these values to 99999, 0 and 7 respectively to disable password expiration.

PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_WARN_AGE   7

Resetting Existing Users

Expiration for existing accounts can be checked / set / disabled with chage [1] which acts on /etc/shadow [2]:

Check:

chage -l <username>

Disable:

chage -I -1 -m 0 -M 99999 -E -1 <username>

References

0: man login.defs

1: [man chage]((http://man7.org/linux/man-pages/man1/chage.1.html)

2: man shadow