There are multiple posts regarding password change policies on ESX4 and ESXi5. From what I read ESXi5 appears to only allow password change policies via Vcenter:
The previous commands such as "esxcfg-auth -maxpassdays=90 -minpassdays=30 -passwarnage=75" do not work and manual creation of the old password policy structure/files on ESXi5 (fresh install) using vi editor appear to be ignored, likely because the supporting structure is so different.
My dilemma is that I have an ESX4.0 host that I am upgrading to ESXi5. This server is isolated and does not have Vcenter and thus no AD integration so it is as isolated as possible (root and backup software access only). I am trying to determine if there is a way without Vcenter to setup password policies other than the settings below that simply set complexity requirements.:
#%PAM-1.0
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6
password sufficient /lib/security/$ISA/pam_unix.so use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
If doing an upgrade as opposed to a fresh installation of ESXi5 will still allow the password policies to remain in place without Vcenter please let me know what your real life experience is?
I also contemplated setting up Vcenter temporarly, applying the policies, and then removing Vcenter link from the host. Does anyone know if that will work and keep the settings in place on the ESXi5 host?
I have a test environment so I am open to trying different options.