The root user's password is updated despite getting a "could not change password" error in Cloud Director Availability 4.4.x
Article ID: 315001
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
- When you attempt to change the root user's password to one that doesn't meet the complexity requirements after deploying or upgrading to a Cloud Director Availability 4.4.x appliance, you see a message similar to:
Could not change password. Try again with a strong password that hasn't been used before.
- Attempting to change the password again, but with one that does meet the complexity requirements, also fails and you see a message similar to:
The provided current password is not valid.
Environment
VMware Cloud Director Availability 4.x
Cause
This issue occurs due to a regression in Cloud Director Availability, where the password is still changed on the first attempt despite the error seen in the Cloud Director Availability UI.
Resolution
This is a known issue affecting Cloud Director Availability 4.4.x.
Currently, there is no resolution.
Workaround:
To work around this issue, update the system-password file on the Cloud Director Availability appliance to properly enforce the password complexity requirements.
Currently, there is no resolution.
Workaround:
To work around this issue, update the system-password file on the Cloud Director Availability appliance to properly enforce the password complexity requirements.
- SSH to the Cloud Director Availability appliance.
- Log in as root using the password that was rejected initially.
- Take a backup of the system-password file:
cp /etc/pam.d/system-password /etc/pam.d/system-password.old
- Use a text editor, such as vim, to edit the /etc/pam.d/system-password file to look as follows:
# Begin /etc/pam.d/system-password
password requisite pam_pwhistory.so retry=3 remember=5 enforce_for_root
password requisite pam_pwquality.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root
password required pam_unix.so sha512 shadow use_authtok
# End /etc/pam.d/system-password
password requisite pam_pwhistory.so retry=3 remember=5 enforce_for_root
password requisite pam_pwquality.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 minclass=4 difok=4 retry=3 maxsequence=0 enforce_for_root
password required pam_unix.so sha512 shadow use_authtok
# End /etc/pam.d/system-password
- Save the changes to the system-password file.
- Change the password to a sufficiently complex one using the passwd command or through the UI.
Additional Information
For more information, see the Change the Password of the root User section of the Cloud Director Availability documentation.
Feedback
Yes
No
Powered by
