View unanswered posts | View active topics It is currently Sat Jul 20, 2019 3:33 am



Reply to topic  [ 6 posts ] 
 Default Password Complexity Rules 
Author Message

Joined: Fri Sep 09, 2011 9:50 am
Posts: 12
Reply with quote
Post Default Password Complexity Rules
Hi,

Could someone point me to the default password rules for ESXi 4.1 U1? I don't think I'm specially bothered about changing them, but there's obviously something funny going on that I don't understand and I'm fed up with trying one password after another to try and find something its happy with.

Thanks, Tony S


Thu Sep 22, 2011 2:16 am
Profile
Site Admin

Joined: Mon Mar 16, 2009 10:13 pm
Posts: 3880
Reply with quote
Post Re: Default Password Complexity Rules
Take a look at this - http://vm-help.com/esx40i/password_complexity.php.

_________________
Dave Mishchenko
VMware vExpert 2009-2013
Image
Now available - VMware ESXi: Planning, Implementation, and Security
Also available - vSphere Quick Start Guide


Thu Sep 22, 2011 9:23 am
Profile

Joined: Fri Sep 09, 2011 9:50 am
Posts: 12
Reply with quote
Post Re: Default Password Complexity Rules
Thanks, I'll need to have a proper read of that, including all the follow up discussion. At first glance it doesn't seem correct for 4.1 as it looks as if its saying that an eight character password need have only one class - my system definitely rejects those, and also some eight or longer passwords with two or three classes.

Is there some over-ride banning dictionary words, or pairs of dictionary words stuck together without another character in between?

I don't really like to ever disclose a password, so I'm loath to post examples of passwords that my system doesn't like!


Thu Sep 22, 2011 10:34 am
Profile

Joined: Sat Feb 05, 2011 3:13 pm
Posts: 49
Reply with quote
Post Re: Default Password Complexity Rules
Try using a password with mixed-case letters, with a number thrown in somewhere. Also, try not to start or end it with a number. I follow that convention, and don't appear to have the issue that you do.


Thu Sep 22, 2011 10:47 am
Profile
Site Admin

Joined: Mon Mar 16, 2009 10:13 pm
Posts: 3880
Reply with quote
Post Re: Default Password Complexity Rules
Is it 4.1 or 4.1 Update 1 that you're using? There were some issues with password length and 4.1.0.

Here's what I'm trying
abcdefgh - Ok
aabcdefg - ok
aaaaaaaa - format error
zaabcdez - OK
zaaaabcz - OK
zaaaabbz - format error

I tried the above samples. As I note in the article, the 1st and last characters are discarded when testing the password.

If I had enabled the below, the aaaaaaaa password should have worked.

Quote:
3) To turn off the enforcing of strong passwords, use the enforce option. Valid values for the option are none, users and everyone. So if the common-password file is changed to the below, then a single character password will be allowed regardless of the settings for the min option.

#%PAM-1.0
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6 enforce=none

_________________
Dave Mishchenko
VMware vExpert 2009-2013
Image
Now available - VMware ESXi: Planning, Implementation, and Security
Also available - vSphere Quick Start Guide


Thu Sep 22, 2011 11:00 am
Profile

Joined: Fri Sep 09, 2011 9:50 am
Posts: 12
Reply with quote
Post Re: Default Password Complexity Rules
Cheers. Both my hosts are 4.1.0-348481.

In your examples, which rule makes the difference between these three?
zaabcdez - OK
zaaaabcz - OK
zaaaabbz - format error

Tony S


Fri Sep 23, 2011 1:05 am
Profile
Display posts from previous:  Sort by  
Reply to topic   [ 6 posts ] 

Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group.
Designed by STSoftware for PTF.