前言：（preface)
    几次安装VMWare ESXi时，配置完password、network和troubleshooting后，想reboot一下，可是不小心选了系统的“reset system config”，当做是“reboot system”了，重启动后，password当然是没有了，再重配置配置密码时，出现告警提示：
    Configure Password: Error
    The password change operation failed.
    Please ensure that your password meets the complexity criteria set by your administrator.
（注：complexity复杂性；criteria标准/条件）
那么再配置密码，要符合什么样的复杂条件呢？下面看一下VMWare官网上是如何说明的。

ESX and ESXi 4.x and 5.x password requirements and restrictions

symptoms
1.You are unabled to set a password in ESX or ESXi 4.x or 5.x.
2.You see these VMware vSphere Client errors:
  1)A general system error occurred: passwd: Authentication token manipulation error
  2)An internal error has occurred,and the wizard is unable to store the Administrator password securely.The customizaion cannot proceed.Please contace VMware technical support for more information.
3.You see this console error:
  Weak password:not enough different characters or classes for this length.
  passwd: Authentication token manipulation error

Purpose
 This article provides information about VMware ESX and ESXi 4.0 and 5.x password requirements and restrictions.

Cause
 This issue may occur if a password is invalid.

Resolution
 A valid password requires a min of upper and lower case letters,digits,and other characters.You can use a 7-character long password with characters form at least three of these four classes, or a 6-character long password containing characters from all the classes.A password that begins with an upper case letter and ends with a numerical digit does not count towards the number of character classes used.It is recommended that the password does not contain the username.
A passphrase requires at least 3 words,be 8 to 40 characters long,and must contain enough different characters.
Note:
   1)vCenter Server 4.0 can handle up to 26-character passwords.
   2)in ESXi 4.x and 5.x the password cannot contain the words admin,root,or administrator in any form.
  3)The /etc/security/login.map file contains the authentication rules for ESX/ESXi.Refer to this file to determine which file to edit in the workaround.
  Example:the file might contain these rules:
       vpxuser : system-auth-local
       * : system-auth-generic
  In this case,use system-auth-local to authenticate vpxuser.Use system-auth-generic to authenticate all other users.If system-auth-generic is not present on the system.the /etc/security/login.mpa file typically lists sys-auth.

Caution:Modifying password restrictions may reduce the security of you WMware environment.

(注：在此部分省略关于ESX4.0/ESXi4.0/ESXi4.1对于密码约束的修改内容，下面接着谈ESXi5.0相关内容）

ESXi5.0
To modify these settings on an ESXi5.0 host:
  1. Enable technical support mode.For more information,see "Using Tech Support Mode in ESXi4.1 and ESXi5.0(1017910).
  2. Modify /etc/pam.d/passwd file.
     vi /etc/pam.d/passwd
  3. In the file,find this line:
     password requistie  /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6
     password requisite  /lib/security/$ISA/pam_passwdqc.os retry=N min=N0,N1,N2,N3,N4
     Note: min=8,8,8,7,6 maps to min=N0,N1,N2,N3,N4 in the follwing step.
  4. Using these switches,make your required changes and save the file:
     1)retry=3: A user is allowed 3 attempts to enter a sufficient password.
     2)N0=12:  Passwords containing characters from one character class must be at least twelve characters long. example:chars1234567
     3)N1=10:  Passwords containing characters from two character classes must be at least ten characters log. example: CHars12345
     4)N2=8:   Passphrases must contain words that are each at least eight characters log.example:software
     5)N3=8:   Passwords containing characters from all three chatacter classes must be at least eight characters long. example:CHars12
     6)N4=7:   Passwords containing chatacters from all four character classes must be at least seven characters long. exmaple:CHars1!
     7)Example:password requistie /lib/security/$ISA/pam_passwdqc.so retry=3 min=12,10,8,8,7

Additional Information
For more information on the PAM module and ESX login issues,see "Root users connot login after upgrading from ESX3.5 to ESX4.0(1014530).

Tags
cannot-set-esx-password

See Also
 1.Tech Support Mode for Emergency Support
 2.Root users cannot loging after upgrading rom ESX3.5 to ESX4.0
 3.Using Tech Support Mode in ESXi4.1 and ESX5.0

Update History

Request a Product Feature
To request a new product feature or provide feedback on a VMware product,visit "the Request a Product Feature" page.

Feedback