阅读权限90
最后登录2023-10-17
在线时间140 小时
积分6499
注册时间2014-3-16
精华0
主题3
UID18289
帖子963
金币10827
威望0
贡献0
技术0
活跃974
论坛贵宾VIP-永久权限
- 贡献
- 0
- 技术
- 0
- 活跃
- 974
- 在线时间
- 140 小时
|
发表于 2016-3-8 23:09:59
|
显示全部楼层
PurposeThis article provides instructions on preventing the forced lockout of the root account and on unlocking a locked root account.
CauseThe 5.5 release of the vCenter Server Appliance (vCSA) enforces local account password expiration after 90 days by default. This policy locks out the root account when the password expiration date is reached.
Resolution
This behavior affects vCenter Server Appliance 5.5.
Prevent forced lockout when the root account is still activeIf the root account is still accessible through the vCSA console or via the secure shell (SSH), you can prevent this issue from occurring by modifying the /etc/cron.daily/pass-expiration script.
To prevent the forced lockout when the root account is still active:
Log in to the vCSA as the root user.
Open the /etc/cron.daily/pass-expiration script in a text editor.
Replace the commands at the bottom of the script to replace the forced lockout with a forced password change:
Delete these commands:
# disable the password if it's time and not already done.
# don't rely on the pam account facility. prepend an x in the shadow file.
if [ $TODAY -ge $DEADLINE ] && ! grep -q 'root:x' $SHADOW; then
sed -e 's/^root:\(.*\)/root:x\1/' $SHADOW -i
fi
Enter these commands:
# force a password change for root if we've reached the password expiration date.
# pam.unix2 doesn't do this the way we would like, so we do this instead.
if [ $TODAY -ge $DEADLINE ]; then
chage –d 0 root
fi
Save and close the file. |
|