When you try to create a password that does not meet the authentication requirements of the ESXi host, an error occurs.

Problem

When you create a password on the host, the following fault message appears: A general system error occurred: passwd: Authentication token manipulation error.

The following message is included: Failed to set the password. It is possible that your password does not meet the complexity criteria set by the system.

Cause

The host checks for password compliance using the default authentication plug-in, pam_passwdqc.so. If the password is not compliant, the error appears.

Solution

When you create a password, include a mix of characters from four character classes: lowercase letters, uppercase letters, numbers, and special characters such as an underscore or dash.

Note: An uppercase character that begins a password does not count toward the number of character classes used. A number that ends a password does not count toward the number of character classes used.
Your user password must meet the following length requirements.
  • Passwords containing characters from three character classes must be at least eight characters long.
  • Passwords containing characters from all four character classes must be at least seven characters long.

When the PAM module determines if the password consists of dictionary words, the module may treat some numbers as letters and may reject a password which seems to meet the complexity requirements. For example, a password such as P4$$w0rd may be rejected because it is based on a dictionary word.

If the module rejects your password, you can transfer the password to the /bin/pwqcheck application on the ESXi Shell, change some numbers or letters, and check if it is accepted.

For more information, see the vSphere Security documentation.