Configure all account password expirations in accordance with your organization's security policies.

By default, all hardened VMware virtual appliance accounts use a 60-day password expiration. On most hardened appliances, the root account is set to a 365-day password expiration. As a best practice, verify that the expiration on all accounts meets both security and operation requirements standards.

If the root password expires, you cannot reinstate it. You must implement site-specific policies to prevent administrative and root passwords from expiring.


  1. Log in to your virtual appliance machines as root and run the following command to verify the password expiration on all accounts.

    # cat /etc/shadow

    The password expiration is the fifth field (fields are separated by colons) of the shadow file. The root expiration is set in days.

    Figure 1. Password Expiry Field
    Password Expiry Field
  2. To modify the expiry of the root account, run a command of the following form.

    # passwd -x 365 root

    In this command, 365 specifies the number of days until password expiry. Use the same command to modify any user, substituting the specific account for 'root', and replacing the number of days to meet the expiry standards of the organization.