Configuring Password Rotation and Account Lockout Policies

You can configure password rotation and account policies for the VMware Skyline Health Diagnostics.

You can customize password and account lockout policies based on your organization policies. These settings are stored in the configuration file /opt/vmware-shd/vmware-shd/app/apiserver/vmware-shd.conf in the [account] section.


Element	Description	Parameter	Default	Minimum	Maximum
Password History	Number of previous passwords to be stored. You cannot repeat these passwords till the limit exhausted. Setting the value to `0` the password changes history is not tracked.	`account/history`	3	0	5
Maximum password age	The maximum age of a password in days after which UI authentication will fail with password expired error.	`account/passage`	90	1	No Limit
Log in Failure window	The amount of time in minutes within which successive log in failures count towards locking an account.	`account/failwindow`	5	1	No Limit
Log in Failure Count	The number of successive failures tolerated before locking the account.	`account/failcount`	0	1	No Limit
Account Lockout duration	The duration in minutes account stays locked.	`account/locktime`	15	1	No Limit

Caution:

You must restart the VMware Skyline Health Diagnostics service by running the systemctl restart vmware-shd command for the new changes to be effective.