In the latest release of vSphere 6.0, Vmware expand support for account management on ESXi Hosts.
New ESXCLI Commands:
- CLI interface for managing ESXi local user accounts and permissions
- Coarse grained permission management
- ESXCLI can be invoked against vCenter instead of directly accessing the ESXi host.
- Previously, the account and permission management functionality for ESXi hosts was available only with direct host connections.
- Previously customers had to manually edit by hand the file /etc/pam.d/passwd, now they can do it from VIM API OptionManager.updateValues().
- Advanced options can also be accessed through vCenter, so there is not need to make a direct host connection.
- PowerCLI cmdlet allows setting host advanced configuration options
- AccountLockFailures – “Maximum allowed failed login attempts before locking out a user’s account. Zero disables account locking.”
- Default: 10 tries
- AccountUnlockTime – “Duration in seconds to lock out a user’s account after exceeding the maximum allowed failed login attempts.”
- Default: 2 minutes