How to extend auto reset unlock time for root users and make it persistent


Article ID: 414273


Products

VMware vCenter Server

Issue/Introduction

This article provides the steps to modify the default unlock timer set for the root user account.

Environment

VMware vCenter Server 7.x

VMware vCenter Server 8.x

Resolution

To set a custom root_unlock_time value that persists through reboots, follow these steps:

  • Log in to the vCenter Server appliance using SSH as the root user.
  • Enable shell access.
        shell.set --enabled true
  • Back up the file before editing.
        cp /etc/applmgmt/appliance/faillock.conf /etc/applmgmt/appliance/faillock.conf.bkp
  • Edit faillock.conf.
        vi /etc/applmgmt/appliance/faillock.conf
        Modify the root_unlock_time line, setting the value in seconds as required:
        root_unlock_time = 600
        Example: the default is 300 seconds; to set 600 seconds, use root_unlock_time=600
  • Reboot the vCenter. (Optional: only needed if you want to verify that the change persists after a reboot.)
  • Verify that the setting is applied and persists after the reboot.
        grep -i "root_unlock_time" /etc/applmgmt/appliance/faillock.conf
        The output should show the newly configured time.
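
The backup, edit and verify steps above as one scripted function that refuses values outside a sanity range, in line with the lockout risk noted under Additional Information. This is an added example, not VMware's own tooling; the function names, the MIN_SECS/MAX_SECS bounds and the "key = value" line layout are assumptions.

```shell
#!/bin/bash
# Added example: scripted form of the manual backup / edit / verify steps.
# MIN_SECS and MAX_SECS are assumed sanity bounds, not VMware-documented limits;
# set them to match your own lockout policy.
MIN_SECS=60
MAX_SECS=3600

# Print the root_unlock_time value currently in the given file (last match wins).
get_root_unlock_time() {
    sed -nE 's/^[[:space:]]*root_unlock_time[[:space:]]*=[[:space:]]*([0-9]+).*/\1/p' "$1" | tail -n 1
}

# set_root_unlock_time <conf-file> <seconds>
set_root_unlock_time() {
    conf="$1"; secs="$2"

    # Reject anything that is not a plain whole number.
    case "$secs" in
        ''|*[!0-9]*) echo "error: '$secs' is not a whole number of seconds" >&2; return 2 ;;
    esac
    if [ "$secs" -lt "$MIN_SECS" ] || [ "$secs" -gt "$MAX_SECS" ]; then
        echo "error: $secs is outside the assumed range $MIN_SECS-$MAX_SECS" >&2; return 2
    fi
    [ -f "$conf" ] || { echo "error: $conf not found" >&2; return 1; }

    # Back up first, using the same .bkp name as the manual step.
    cp -p "$conf" "$conf.bkp" || return 1

    if grep -Eq '^[[:space:]]*root_unlock_time[[:space:]]*=' "$conf"; then
        # Rewrite only the existing key; all other lines are copied unchanged.
        sed -E "s/^([[:space:]]*root_unlock_time[[:space:]]*=[[:space:]]*).*/\1$secs/" \
            "$conf.bkp" > "$conf" || return 1
    else
        # Key absent: append it (assumes the file accepts "key = value" lines).
        echo "root_unlock_time = $secs" >> "$conf"
    fi

    # Verify the write; restore the backup if the value did not take.
    now=$(get_root_unlock_time "$conf")
    [ "$now" = "$secs" ] || { cp -p "$conf.bkp" "$conf"; return 1; }
}

# On the appliance: set_root_unlock_time /etc/applmgmt/appliance/faillock.conf 600
```
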

Additional Information

Impact & Risk Considerations

Misconfiguring lockout times (too long or too short) can lead to denial of access, especially for root/emergency logins.