esxcfg-auth - VMware ESX Server Network
Management Utility
esxcfg-auth
NAME
esxcfg-auth - VMware ESX Server Network Management Utility
COPYRIGHT
VMware ESX Server is Copyright 2000-2006 VMware, Inc. All
rights reserved.
SYNOPSIS
esxcfg-auth [--probe]
[--enablemd5]
[--disablemd5]
[--enableshadow]
[--disableshadow]
[--usepamqc <params>]
[--usecrack <params>]
[--enablead [--addomain <domain>] [--addc <server>]]
[--disablead]
[--enablenis [--nisdomain <domain>] [--nisserver <nisserver>]]
[--disablenis]
[--enablekrb5 [--krb5realm <realm>] [--krb5kdc <server>]
[--krb5adminserver <server>]]
[--disablekrb5]
[--enableldap [--enableldapauth] [--ldapserver <server>]
[--ldapbasedn <basedn>]]
[--disableldap]
DESCRIPTION
esxcfg-auth provides an easy way to configure your server
to allow network based authentication as well as password
complexity settings for your machine. It supports setting
up your system to do authentication against an Active Directory
Server, but not user management, as well as authentication
against a NIS server, a Kerberos server, or an LDAP server.
You can configure the way that passwords are stored and the
complexity of the password when a user sets a new password.
This utility is experimental. It is likely to change.
OPTIONS
--probe
Calling esxcfg-auth with the probe option prints your current
configuration to standard out. This is useful if you want to
store your configuration for documentation or archival
purposes. If it is invoked together with other options, the
changes those options would make are applied and the resulting
configuration is printed to standard out. In that case, the
configuration data is not written to disk, and the command is
equivalent to a dry run.
--enablemd5
This option sets the system to store the password in MD5 form.
The default is shadow.
--disablemd5
This option restores the system to default password storage,
which is shadow.
--enableshadow
Store user passwords using shadow information. This is the
default manner in which passwords are stored if no format
is specified.
--disableshadow
This option is useful to store the password in MD5 form. If
you do not enable MD5 storage, the passwords will remain in
shadow form.
--usepamqc
Enables the use of the pam_passwdqc PAM module for password
complexity checking. It can be configured by passing a 6 value
tuple as the value. The tuple is formed from the following
information:
- minimum length of a single character class password
- minimum length of a password that has characters from 2
character classes
- minimum number of words in a passphrase
- minimum length of a password that has characters from 3
character classes
- minimum length of a password that has characters from 4
character classes
This does not fully expose the abilities of this powerful
PAM module. See the pam_passwdqc man page for more information
on how to use this PAM module to enforce password rules on
the user's password.
If you pass a value of -1 for any of the six tuple values,
it is understood to disable that option. An example of a
tuple is "8 -1 -1 -1 8 4".
--usecrack
Enables the use of the pam_cracklib PAM module for password
complexity checking. It can be configured by passing a 6 value
tuple as the value. The tuple is formed from the following
information:
- number of retries given to choose a new password
- minimum length of the password
- points for lowercase letters
- points for uppercase letters
- points for digits
- points for other characters
If you pass a value of -1 for any of the character class
points fields in the tuple, that character class is understood
as being required.
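The following is an added example, not part of the original man page or of VMware's tooling: a POSIX shell check that validates a --usecrack tuple before it is applied and prints the pam_cracklib options it corresponds to. The function names and the sample tuple are hypothetical, and the direct mapping of tuple fields onto pam_cracklib's retry, minlen, lcredit, ucredit, dcredit and ocredit options is an assumption.

```shell
#!/bin/sh
# Added example (not from the esxcfg-auth man page). Checks a --usecrack
# tuple and prints the pam_cracklib options it is assumed to map to.

# Positive integer: used for retries and minimum length.
is_count() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ]
}

# Points field: -1 (class required, per the man page) or a non-negative integer.
is_points() {
    case $1 in
        -1) return 0 ;;
        ''|*[!0-9]*) return 1 ;;
    esac
}

# usage: crack_tuple_to_pam "<retries> <minlen> <lower> <upper> <digit> <other>"
crack_tuple_to_pam() {
    read -r retry minlen lc uc dc oc extra <<EOF
$1
EOF
    if [ -z "$oc" ] || [ -n "$extra" ]; then
        echo "expected exactly 6 values: $1" >&2
        return 1
    fi
    is_count "$retry" && is_count "$minlen" || {
        echo "retries and minimum length must be positive integers" >&2
        return 1
    }
    for p in "$lc" "$uc" "$dc" "$oc"; do
        is_points "$p" || { echo "bad points value: $p" >&2; return 1; }
    done
    # Assumed mapping onto pam_cracklib's own option names.
    echo "retry=$retry minlen=$minlen lcredit=$lc ucredit=$uc dcredit=$dc ocredit=$oc"
}

# Constructed sample tuple: 3 retries, length 9, lower/upper/digit required.
crack_tuple_to_pam "3 9 -1 -1 -1 1"
```

A tuple that passes this check can then be tried with --probe first, which prints the resulting configuration without writing it to disk.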
--enablead
Sets up the Console OS to authenticate the user against an
Active Directory server. --addomain and --addc are required with
this option.
--addomain
Sets the domain against which the user is to be authenticated
when authenticating against an Active Directory server.
--addc
Sets the domain controller against which the user's password
should be checked.
--disablead
Reverts the changes required to authenticate the user against
Active Directory.
--enablenis
This option can be used to set up the Console OS to authenticate
the user against a NIS server. --nisserver and --nisdomain are
required with this option.
--nisdomain
Specifies the domain name for the NIS server against which
users should be authenticated.
--nisserver
Specifies the IP address where the NIS server is running.
--disablenis
Reverts the changes required to authenticate users against
NIS.
--enablekrb5
Allows the user to be authenticated against a Kerberos Realm.
With this option, --krb5realm, --krb5kdc, and --krb5adminserver
options are needed.
--krb5realm
Defines the realm in which to authenticate the user.
--krb5kdc
Defines the Key Distribution Center for the Kerberos Realm.
--krb5adminserver
Defines the Administrative Server for the Kerberos 5 realm
against which the user should be checked.
--disablekrb5
Reverts the changes required to authenticate the user against
a Kerberos 5 Realm.
--enableldap
Enables the Console OS to attempt to get user credentials
from an LDAP server.
--enableldapauth
Enables the Console OS to authenticate the user against an
LDAP server.
--ldapserver
Sets the IP address of the server that is running the LDAP
Directory.
--ldapbasedn
Sets the base DN with which to bind to the LDAP server.
--disableldap
Reverts the changes required to authenticate the user against
an LDAP server.