VMware ESXi Password Requirements and Restrictions
search cancel

VMware ESXi Password Requirements and Restrictions

book

Article ID: 307368

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

This article provides information about ESXi 6.x or higher password requirements and restrictions.
  • Unable to set a password ESXi 6.x
  • VMware vSphere Client errors:
     
    • A general system error occurred: passwd: Authentication token manipulation error
    • An internal error has occurred, and the wizard is unable to store the Administrator password securely. The customization cannot proceed. Please contact VMware technical support for more information.
       
  • Console error:

    Weak password: not enough different characters or classes for this length.
    passwd: Authentication token manipulation error

Cause

This issue may occur if a password is invalid.

Resolution

A valid password requires a mix of upper and lower case letters, digits, and other characters. Use a 7-character long password with characters from at least three of these four classes, or a 6-character long password containing characters from all the classes. A password that begins with an upper case letter and ends with a numerical digit does not count towards the number of character classes used. It is recommended that the password does not contain the username.

A passphrase requires at least 3 words, can be 8 to 40 characters long, and must contain enough different characters.

 
 
To change the password complexity of ESXi local user:
 
For example:
 
To force a particular password to create a local user in ESXi with the credentials
 
User name : UserName
Password : !P@ssWord!
 
To make these settings on an ESXi 6.0 host, modify /etc/pam.d/passwd file:
  1. Take a backup /etc/pam.d/passwd file.
  2. Edit it to

    password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=0,0,0,0,0
  3. Create the user and password.
Note: ​Alternatively, you can change the Security.PasswordQuality Control from the Advanced option on the GUI. For more information, see ESXi Passwords and Account Lockout.