This is a quick blog post on how to bypass the "BAD PASSWORD: it is based on a dictionary word" error when changing the password of the vCenter VCSA root account. You will need SSH for this.
New password:
BAD PASSWORD: it is based on a dictionary word
passwd: Authentication token manipulation error
passwd: password unchanged
The bypass was actually easy. Presumably you’re already SSH’d in as root, so you just need to edit /etc/pam.d/system-password: SSH to the VCSA and type vi /etc/pam.d/system-password
# Begin /etc/pam.d/system-password
# use sha512 hash for encryption, use shadow, and try to use any previously
# defined authentication token (chosen password) set by any prior module
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root
password required pam_pwhistory.so debug use_authtok enforce_for_root remember=5
password required pam_unix.so sha512 use_authtok shadow try_first_pass
# End /etc/pam.d/system-password
Remove enforce_for_root from the first line with pam_cracklib.so (line 5). Save the file (there is no need to restart any services) and retry passwd. The warning is still printed, but it no longer blocks the change for root:
New password:
BAD PASSWORD: it is based on a dictionary word
Retype new password:
passwd: password updated successfully
After that, I re-added enforce_for_root on line 5. Enjoy.
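Because the edit leaves root exempt from the password rules until enforce_for_root is put back, a check that the option was restored is worth running afterwards. The script below is an added example, not part of the original post: the function name and the sample file are constructed, and it assumes the file layout shown in the listing above.

```shell
#!/bin/sh
# Added example (not from the original post): list password-stack modules
# whose active line lacks enforce_for_root, or that have no active line.
# Returns 0 if both modules enforce for root, 1 on findings, 2 if unreadable.
check_enforce_for_root() {
    pam_file="${1:-/etc/pam.d/system-password}"   # path from the post
    [ -r "$pam_file" ] || { echo "cannot read $pam_file" >&2; return 2; }
    findings=$(awk '
        /^[[:space:]]*#/ { next }          # commented-out lines do not count
        $1 != "password" { next }          # only the password stack matters
        {
            mod = ""; ok = 0
            for (i = 2; i <= NF; i++) {
                if ($i == "pam_cracklib.so" || $i == "pam_pwhistory.so") mod = $i
                if ($i == "enforce_for_root") ok = 1
            }
            if (mod != "") {
                seen[mod] = 1
                if (!ok) print mod ": enforce_for_root missing"
            }
        }
        END {
            if (!("pam_cracklib.so" in seen))  print "pam_cracklib.so: no active line"
            if (!("pam_pwhistory.so" in seen)) print "pam_pwhistory.so: no active line"
        }
    ' "$pam_file")
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the listing above with enforce_for_root removed from
# the pam_cracklib.so line, i.e. the state left behind if it is not restored.
sample=$(mktemp)
cat > "$sample" <<'EOF'
password requisite pam_cracklib.so dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4
password required pam_pwhistory.so debug use_authtok enforce_for_root remember=5
password required pam_unix.so sha512 use_authtok shadow try_first_pass
EOF
if check_enforce_for_root "$sample"; then
    echo "OK: complexity and history rules apply to root"
else
    echo "WARNING: root is exempt from the rules listed above"
fi
rm -f "$sample"
```

Called with no argument, the function reads /etc/pam.d/system-password on the appliance itself.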