Password restrictions, password expiration, and account lockout in your vSphere environment depend on the system that the user targets, who the user is, and how policies are set.
ESXi password restrictions are determined by certain requirements. See ESXi Passwords and Account Lockout.
Passwords for vCenter Server and Other vCenter Services
- vCenter Single Sign-On Administrator
- The password for the firstname.lastname@example.org user, or the administrator@ mydomain user if you selected a different domain during installation, does not expire and is not subject to the lockout policy. In all other regards, the password must follow the restrictions that are set in the vCenter Single Sign-On password policy. See vSphere Authentication for details.
- If you forget the password for this user, search the VMware Knowledge Base system for information on resetting this password. The reset requires additional privileges such as root access to the vCenter Server system.
- Other Users of the vCenter Single Sign-On Domain
- Passwords for other vsphere.local users, or users of the domain that you specified during installation, must follow the restrictions that are set by the vCenter Single Sign-On password policy and lockout policy. See vSphere Authentication for details. These passwords expire after 90 days by default. Administrators can change the expiration as part of the password policy.
- If you forget your vsphere.local password, an administrator user can reset the password using the dir-cli command.
- Other Users
- Password restrictions, password expiration, and account lockout for all other users are determined by the domain (identity source) to which the user can authenticate.
- vCenter Single Sign-On supports one default identity source. Users can log in to the corresponding domain with the vSphere Client with their user names. If users want to log in to a non-default domain, they can include the domain name, that is, specify user@ domain or domain\ user. The domain password parameters apply to each domain.
Passwords for vCenter Server Direct Console User Interface Users
The vCenter Server appliance is a preconfigured virtual machine that is optimized for running vCenter Server and the associated services.
- Password for the root user.
- Password for the administrator of the vCenter Single Sign-On domain, email@example.com by default.