In the latest release of vSphere 6.0, Vmware expand support for account management on ESXi Hosts.

AP-MGMT-Enhanc.[1]

New ESXCLI Commands:

  • CLI interface for managing ESXi local user accounts and permissions
  • Coarse grained permission management
  • ESXCLI can be invoked against vCenter instead of directly accessing the ESXi host.
  • Previously, the account and permission management functionality for ESXi hosts was available only with direct host connections.

Password Complexity:

  • Previously customers had to manually edit by hand the file /etc/pam.d/passwd, now they can do it from VIM API OptionManager.updateValues().
  • Advanced options can also be accessed through vCenter, so there is not need to make a direct host connection.
  • PowerCLI cmdlet allows setting host advanced configuration options

Account Lockout:

  • AccountLockFailures – “Maximum allowed failed login attempts before locking out a user’s account. Zero disables account locking.”
    • Default: 10 tries
  • AccountUnlockTime – “Duration in seconds to lock out a user’s account after exceeding the maximum allowed failed login attempts.”
    • Default: 2 minutes

Leave a Reply