In running through the exercise of hardening a vSphere 5.1 environment, I am having difficulty with implementing a particular security control. When I implement the "remember=5" switch as described below, I cannot change the root password no matter what I attempt to input as the password.
The control essentially states the /etc/pam.d/passwd file must have the "remember" switch set to no less than 5, essentially to ensure a password has not been reused within the last 5 password resets.
Control: GEN000800-ESXI5-000053
Test step: # grep "^password" /etc/pam.d/passwd | grep sufficient | grep "remember="
My input to the passwd file: password requisite /lib/security/$ISA/pam_passwdqc.so remember=5 similar=deny retry=3 min=disabled,disabled,disabled,disabled,14
I am curious if anyone else has this implemented successfully? Is there something I am missing here? Any thoughts or suggestions are appreciated...
Greg C.
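
The control's test step, run as a script against the line quoted in the post (an added example, not part of the original post): it reports which control flag and module carry remember= and whether a "sufficient" line meets the minimum of 5. Both sample files are constructed, and the pam_unix.so line in the second one is an assumed sample, not taken from the post.

```shell
#!/bin/sh
# Field-based version of the test step:
#   grep "^password" /etc/pam.d/passwd | grep sufficient | grep "remember="
# Returns 0 only if a "password sufficient" line has remember=N with N >= min.
check_remember() {
    file=$1; min=${2:-5}
    awk -v min="$min" '
        $1 == "password" && $2 == "sufficient" {
            for (i = 3; i <= NF; i++)
                if ($i ~ /^remember=[0-9]+$/) {
                    split($i, kv, "=")
                    if (kv[2] + 0 >= min) ok = 1
                }
        }
        END { exit ok ? 0 : 1 }
    ' "$file"
}

# Diagnostic: print control flag, module and value for every password line
# that carries remember=, whatever its control flag is.
where_remember() {
    awk '$1 == "password" {
        for (i = 3; i <= NF; i++)
            if ($i ~ /^remember=/) print $2, $3, $i
    }' "$1"
}

# Constructed file 1: the line exactly as quoted in the post.
POSTED=$(mktemp)
cat > "$POSTED" <<'EOF'
password requisite /lib/security/$ISA/pam_passwdqc.so remember=5 similar=deny retry=3 min=disabled,disabled,disabled,disabled,14
EOF

# Constructed file 2: remember= on a "sufficient" line (module and options assumed).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
password requisite /lib/security/$ISA/pam_passwdqc.so similar=deny retry=3 min=disabled,disabled,disabled,disabled,14
password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512 remember=5
EOF

for f in "$POSTED" "$SAMPLE"; do
    where_remember "$f"
    if check_remember "$f" 5; then echo "  -> test step satisfied"
    else echo "  -> test step NOT satisfied"; fi
done
```

On the posted line the check fails because remember=5 sits on a requisite entry, while the test step only matches sufficient entries.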