VMware Cloud Community
fajarpri
Enthusiast
Enthusiast
‎11-15-2009 06:42 PM
Jump to solution

Password expiry date

Hi all,

Is it possibly to implement password policy like: minimum lenght, max password age, min password age, password history with ESX4.0?

Thank you.

Tags (3)
0 Kudos
1 Solution

Accepted Solutions
lamw
Community Manager
Community Manager
‎11-15-2009 07:54 PM
Jump to solution

With classic ESX 4.0 with Service Console yes, with esxcfg-auth but not with ESXi 4.0 since the Service Console does not exists, that command is not available using the vCLI nor necessary.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

If you find this information useful, please award points for "correct" or "helpful".

View solution in original post

0 Kudos
2 Replies
lamw
Community Manager
Community Manager
‎11-15-2009 07:54 PM
Jump to solution

With classic ESX 4.0 with Service Console yes, with esxcfg-auth but not with ESXi 4.0 since the Service Console does not exists, that command is not available using the vCLI nor necessary.

=========================================================================

William Lam

VMware vExpert 2009

VMware ESX/ESXi scripts and resources at:

Twitter: @lamw

VMware Code Central - Scripts/Sample code for Developers and Administrators

VMware Developer Comuunity

If you find this information useful, please award points for "correct" or "helpful".

0 Kudos
Texiwill
Leadership
Leadership
‎11-16-2009 08:25 AM
Jump to solution

Hello,

Moved to the Security Forum.

You could also do this using the HyTrust appliance which interacts with AD. While not setting up expiry on ESXi it does act as an authentication proxy that can use AD expiration to do the same thing. The HyTrust appliance exists in a community form.

This also implies that there are no 'real' users on the ESXi platform. Just 'root' and the user used by vCenter. This allows you to get the same access control using regular users, etc

Even with Hytrust you will eventually have to change passwords on the ESXi host. But you can use delegation and just have a few users, perhaps just one that does everything.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009

Virtualization Practice Analyst[/url]
Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|
[url=http://www.astroarch.com/wiki/index.php/Virtualization_Security_Round_Table_Podcast]Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill