Configure all account password expirations in accordance with your organization's security policies.
By default, all hardened VMware appliances use a 60-day password expiry. On most hardened appliances, the root account is set to a 365-day password expiry. As a best practice, verify that the expiry on all accounts meets security and operation requirements standards.
If the root password expires, you cannot reinstate it. You must implement site-specific policies to prevent administrative and root passwords from expiring.
- Log in to your virtual appliance machines as root and run the
# more /etc/shadowcommand to verify the password expiry on all accounts.
- To modify the expiry of the root account, run the
# passwd -x 365 rootcommand.
In this command, 365 specifies the number of days until password expiry. Use the same command to modify any user, substituting the specific account for root and replacing the number of days to meet the expiry standards of the organization.
By default, the root password is set for 365 days.