| Passwords need to be changed at specific policy based intervals, however if the information system or application allows the user to immediately and continually change their password then the password could be repeatedly changed in a short period of time defeating the organization's policy regarding password reuse. Permanent not a finding - Lockdown mode (required) limits access via the vpxuser proxy. The proxy's password is 32 (randomly selected) characters, SHA1 encrypted, not configurable, and changed every 30 days "or" sooner when/if a new host is configured/controlled by the vCenter Server. This password is obfuscated on vCenter. root is the only local user w/the only local password. Requirement is to use AD for all other accounts, in which case min/max lifetime restrictions are controlled elsewhere. Root's password should never be subjected to these restrictions. |
