There is a flaw in the password authentication module of ESX/ESXi 4.1 that truncates local passwords to eight characters regardless of the password's actual length. Eight-character passwords are not considered secure in today's world, so for now the workaround is below. It is covered in VMware KB1024500; these are step-by-step instructions for ESXi 4.1. The steps apply equally to the full ESX, although ESX includes more advanced text editors, so it is not necessary to use vi there. VMware has stated that a patch will become available at some point in the future which will make this process unnecessary.
1. Log in to the console of an ESXi 4.1 host as root by pressing F2 and entering the appropriate password.
2. Select Troubleshooting Options and press Enter.
3. Select Enable Local Tech Support and press Enter.
4. Press ALT-F1 to switch to the local terminal.
5. Enter root for the user name and the appropriate password. Press Enter.
6. Change to the /etc/pam.d directory using cd /etc/pam.d
7. Edit the system-auth file using the vi text editor by entering vi system-auth
   a. Use the arrow keys to move the cursor.
   b. Press i to enter Input mode.
   c. Add “md5” to the following line as shown:
      password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow md5
   d. Press ESC, followed by : to exit Input Mode.
   e. The cursor will move to the bottom of the screen.
   f. Enter wq! to save the file and exit.
8. Change to the /etc/ directory using cd /etc
9. Edit the rc.local file using the vi text editor by entering vi rc.local
   a. Use the arrow keys to move the cursor.
   b. Press i to enter Input mode.
   c. Add the following line at the end of the file:
      sed -e '/password.*pam_unix.so.* md5/q' -e '/password.*pam_unix.so/s/$/ md5/' -i /etc/pam.d/system-auth
   d. Press ESC, followed by : to exit Input Mode.
   e. The cursor will move to the bottom of the screen.
   f. Enter wq! to save the file and exit.
10. Press ALT-F2 to return to the System Customization screen.
11. Press F2 to log in if necessary.
12. Select Configure Password and press Enter.
13. Enter the current root password, followed by a new root password twice to confirm.
14. Select Troubleshooting Options and press Enter.
15. Select Disable Local Tech Support and press Enter.
16. Press ESC twice to log out of the System Customization screen.
It is necessary to change the password in step 13 for the new password rules to take effect.
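
A check for the result of the procedure above, as an added example that is not part of the original post or of VMware's KB: it tests whether the pam_unix.so password line carries md5, and lists accounts whose stored hash is still in the 13-character traditional DES crypt format, which is why the password change in step 13 is needed. The function names and all sample file contents are constructed for illustration; the classification relies on MD5-crypt hashes starting with $1$.

```shell
#!/bin/sh
# Added example: checks for the workaround above. All file contents are constructed.

# Succeed if the pam_unix.so "password" line in FILE ($1) carries the md5 option.
pam_has_md5() {
    grep -Eq '^[[:space:]]*password[[:space:]].*pam_unix\.so.*[[:space:]]md5([[:space:]]|$)' "$1"
}

# Classify a shadow hash field ($1) by format alone.
hash_scheme() {
    case "$1" in
        '$1$'*)        echo md5 ;;      # MD5-crypt, whole password is hashed
        '$'*)          echo other ;;    # some other modular-crypt scheme
        ''|'!'*|'*'*)  echo locked ;;   # no usable password
        *) if [ "${#1}" -eq 13 ]; then echo des; else echo unknown; fi ;;
    esac
}

# Print accounts in shadow-format FILE ($1) that still hold a 13-character DES hash.
des_accounts() {
    while IFS=: read -r user hash rest; do
        if [ "$(hash_scheme "$hash")" = des ]; then echo "$user"; fi
    done < "$1"
}

# Write constructed sample files into directory $1 (hashes are placeholders).
make_samples() {
    cat > "$1/system-auth.orig" <<'EOF'
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow
EOF
    cat > "$1/system-auth.fixed" <<'EOF'
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow md5
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constrct$CONSTRUCTEDPLACEHOLDER:14800:0:99999:7:::
operator:abCONSTRUCTED:14800:0:99999:7:::
daemon:*:14800:0:99999:7:::
EOF
}

dir=$(mktemp -d) && make_samples "$dir"
for f in system-auth.orig system-auth.fixed; do
    if pam_has_md5 "$dir/$f"; then echo "$f: md5 set"; else echo "$f: md5 missing"; fi
done
echo "still DES, change these passwords: $(des_accounts "$dir/shadow")"
rm -rf "$dir"
```

On a host, the same functions can be pointed at /etc/pam.d/system-auth and /etc/shadow instead of the sample files.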