Password restrictions, password expiration, and account lockout in your vSphere environment depend on the system that the user targets, who the user is, and how policies are set.
ESXi Passwords
ESXi password restrictions are determined by the Linux PAM module pam_passwdqc. See the Linux manpage for pam_passwdqc and see ESXi Passwords and Account Lockout.
Passwords for vCenter Server and Other vCenter Services
vCenter Single Sign-On manages authentication for all users who log in to
vCenter Server and other vCenter services. The password restrictions, password expiration, and account lockout depend on the user's domain and on who the user is.
- vCenter Single Sign-On Administrator
- The password for [email protected] user, or the administrator@ mydomain user if you selected a different domain during installation, does not expire and is not subject to the lockout policy. In all other regards, the password must follow the restrictions that are set in the vCenter Single Sign-On password policy. See Platform Services Controller Administration for details.
- Other Users of the vCenter Single Sign-On Domain
- Passwords for other vsphere.local users, or users of the domain that you specified during installation, must follow the restrictions that are set by the vCenter Single Sign-On password policy and lockout policy. See Platform Services Controller Administration for details. These passwords expire after 90 days by default. Administrators can change the expiration as part of the password policy.
Passwords for vCenter Server Appliance Direct Console User Interface Users
The vCenter Server Appliance is a preconfigured Linux-based virtual machine that is optimized for running vCenter Server and the associated services on Linux.
When you deploy the
vCenter Server Appliance, you specify these passwords.
- Password for the root user of the appliance Linux operating system.
- Password for the administrator of the vCenter Single Sign-On domain, [email protected] by default.
