VMware vCSA 5.1 password expiration

A few months ago, I was unable to login on my vCSA. At that time, I thought it ws a glitch, I rebooted (didn’t fix the issue) and changed the password of the users, which fixed the issue.

Recently, I had the same issue. I concluded it could not be a glitch anymore and decided to search for root cause.

The reason given by Veeam was “username or password incorrect”, which was wrong. On the other hand, vSphere Web Client gave another error, much more helpful : “account locked out”.

While an account can become locked if there are too many login tentatives, this wasn’t it. You can check the number of tries with the command “pam_tally –user <user>” and reset the count to zero with “pam_tally –user <user> –reset”.

I changed the password for one of the accounts and I could login again. So I checked if there was a password expiration policy on vCSA, and there is! You see and can change individual settings with the command chage, or you can change default settings by editing the file /etc/login.defs .

I found this link most helpful .

This entry was posted in Computer, Linux, Virtualization, VMware and tagged , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *