The root password for VMware vCenter expires every 90 days by default. Depending on your vCenter setup, you may want to disable the root password expiry.
In this post, I will show you step-by-step how to disable the root password expiry for VMware vCenter using the GUI and the CLI.
GUI Way
- Log in to the vCenter Server Management interface as root (it used to be called the vCenter Server Appliance Management Interface (VAMI)).
- Click on Administration.
- Click on Edit beside Password expiration settings.
- Select No and click Save.
The password expiry for the root user is now disabled.
CLI Way
- SSH into vCenter.
- Run the command
shellto start a BASH session.
To turn off the password expiry for the root account, we will use the command chage which is the change user password expiry information command.
- Run the following command to see the currently configured expiry settings for the root user
chage -l root
- Run the following command to turn off the expiry for the root user
chage -I -1 -m 0 -M -1 -E -1 root
- Running
chage -l rootagain will confirm that the settings are now in place and the root account no longer has a password expiry.
The parameters we used with chage are:
-Iis the number of days of inactivity before the account is locked after a password expires. If this was set to 5 days and the account was not used for 5 days after the password expires, then on the 6th day, the account would be locked. We use the-1parameter to disable all of this.-mis the number of days before the password can be changed. We use0to allow immediate password changes.-Mis the maximum number of days before a password is considered expired. We use-1again to deactivate this.-Eis the expiry date for the account. As this is the root account, we don’t want it to expire. We use the parameter-1again to turn this off.
That’s all it takes to disable the root password expiry in VMware vCenter. If you want to read more, here is the VMware documentation.
