This is a quick blog post on how to get past the "BAD PASSWORD: it is based on a dictionary word" error when changing the password of the vCenter VCSA root account. You will need SSH for this.
    New password:
    BAD PASSWORD: it is based on a dictionary word
    passwd: Authentication token manipulation error
    passwd: password unchanged
The bypass was actually easy. Presumably you're already SSH'd in to the VCSA as root, so you just need to edit /etc/pam.d/system-password:

    vi /etc/pam.d/system-password
    # Begin /etc/pam.d/system-password

    # use sha512 hash for encryption, use shadow, and try to use any previously
    # defined authentication token (chosen password) set by any prior module
    password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root
    password required pam_pwhistory.so debug use_authtok enforce_for_root remember=5
    password required pam_unix.so sha512 use_authtok shadow try_first_pass
    # End /etc/pam.d/system-password
Remove enforce_for_root from the first line with pam_cracklib.so (line 5). Save the file and retry passwd; there is no need to restart any services.
    New password:
    BAD PASSWORD: it is based on a dictionary word
    Retype new password:
    passwd: password updated successfully
After that, I re-added enforce_for_root on line 5. Enjoy.
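To confirm the option really is back after the change, the following check (an added example, not part of the original post) lists any active password-stack line for pam_cracklib.so or pam_pwhistory.so that lacks enforce_for_root. The function name audit_enforce_for_root and its exit codes are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example: audit a PAM password stack for a missing enforce_for_root.
# Usage: audit_enforce_for_root FILE [MODULE...]
#   default modules: pam_cracklib.so pam_pwhistory.so (the two lines that
#   carry the option in the file shown above)
# Prints "LINENO MODULE" for each active line of a listed module without
# the option. Returns 0 = all enforced, 1 = option missing somewhere,
# 2 = file unreadable or none of the listed modules is configured.
audit_enforce_for_root() {
    [ $# -ge 1 ] || return 2
    file=$1; shift
    [ -r "$file" ] || return 2
    [ $# -gt 0 ] || set -- pam_cracklib.so pam_pwhistory.so
    awk -v mods="$*" '
        BEGIN { n = split(mods, m, " "); for (i = 1; i <= n; i++) want[m[i]] = 1 }
        /^[ \t]*#/ || NF < 3 { next }        # comments, blank and short lines
        $1 != "password"     { next }        # only the password stack matters
        {
            # Find the module field; this also copes with a bracketed
            # control value such as [success=1 default=ignore].
            for (j = 3; j <= NF; j++) if ($j ~ /pam_[a-z0-9_]+\.so$/) break
            if (j > NF) next
            mod = $j; sub(/^.*\//, "", mod)  # tolerate an absolute module path
            if (!(mod in want)) next
            seen++
            ok = 0
            for (i = j + 1; i <= NF; i++) if ($i == "enforce_for_root") ok = 1
            if (!ok) { print NR, mod; missing++ }
        }
        END { if (!seen) exit 2; exit (missing ? 1 : 0) }
    ' "$file"
}

# Example call on the appliance (path taken from the post):
#   audit_enforce_for_root /etc/pam.d/system-password || echo "policy weakened"
```

A non-zero result after the password change means the file was left in its edited state, or the PAM modules are no longer configured there at all.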