This article provides information on configuring vmtoolsd to use a common authentication mechanism using PAM. It applies to open-vm-tools and VMware Tools (tar installer) and OSPs. The open-vm-tools packages shipped with Ubuntu and Debian do not need these modifications.

The purpose is that an authentication mechanism is only configured in one place. For example if services running in the VM are configured to use LDAP for authentication, instead of changing the file /etc/pam.d/vmtoolsd to explicitly support LDAP, change the common files that are configured to use LDAP.

For CentOS 6 and RHEL 6, replace the file /etc/pam.d/vmtoolsd with:

auth       required     pam_shells.so
auth       include      password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth

For CentOS 7 and 8 and RHEL 7 and 8, replace the file /etc/pam.d/vmtoolsd with:

auth       required     pam_shells.so
auth       substack     password-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      password-auth

For SLE 12 and 15, use:

auth     required       pam_shells.so
auth     requisite      pam_nologin.so
auth     include        common-auth
account  include        common-account