evilrouters.net

i was asked today to look at an issue where backups of our virtual machines on vmware esx had began to fail. we use vizioncore’s vranger pro for backing up the vm’s and it has a “user account” on each of the servers running vmware esx.

after a quick look, i figured out what happened. password aging was set to require a password change every 90 days. since we don’t ever “interactively” log in to the esx servers with this particular account, however, we didn’t see the warnings.

we currently don’t have a “you must change your password every x days” policy, because we have a policy of using long, complex passphrases. because of this we didn’t want to change those passwords every 90 days per the default.

the fix was to disable password aging for vranger’s account on each of the vmware esx hosts, like this:

# passwd -x 99999 -w 7 -n 0 vranger

(the “-w 7 -n 0″ are probably unnecessary, but keeps this account’s settings consistent with the others.)