{"id":320,"date":"2020-01-25T11:59:18","date_gmt":"2020-01-25T10:59:18","guid":{"rendered":"http:\/\/blog.mhasin.eu\/?p=320"},"modified":"2020-01-25T19:27:35","modified_gmt":"2020-01-25T18:27:35","slug":"esxi-6-7-restart-zablokovaneho-root-uctu-praca-s-uzivatelmi","status":"publish","type":"post","link":"https:\/\/blog.mhasin.eu\/?p=320","title":{"rendered":"ESXi 6.7 re\u0161tart zablokovan\u00e9ho root \u00fa\u010dtu pr\u00e1ca s u\u017e\u00edvate\u013emi"},"content":{"rendered":"\n
Pri zablokovan\u00ed root \u00fa\u010dtu je potrebne na ESXi aktivova\u0165 shell a n\u00e1sledne pomocou pr\u00edkazov vy\u010disti\u0165 po\u010d\u00edtadlo neplatn\u00fdch prihl\u00e1sen\u00ed<\/p>\n\n\n\n
Zobrazenie poctu ne\u00faspe\u0161n\u00fdch prihl\u00e1sen\u00ed root \u00fa\u010dtu do ESXi prostredia:<\/p>\n\n\n\n
Bezpe\u010dnostne politiky v ESXi je mo\u017ene definova\u0165 pre ka\u017ed\u00e9 ESXi zvl\u00e1\u0161\u0165. ESXi 6.x ma preddefinovan\u00e9 bezpe\u010dnostne politiky sily hesla pre u\u017e\u00edvate\u013eov. Politiky pre heslo platne v ESXi 6.x<\/p>\n\n\n\n
Ve\u013ek\u00e9 p\u00edsmeno na za\u010diatku sa nepo\u010d\u00edtaj\u00fa do po\u010dtu znakov<\/li>
\u010c\u00edslica ktor\u00e1 kon\u010d\u00ed v hesle sa nezapo\u010d\u00edtava do poctu znakov <\/li>
Heslo by nemalo byt prelomiteln\u00e9 slovn\u00edkov\u00fdm \u00fatokom<\/li><\/ul>\n\n\n\n
Tieto nastavenia je mo\u017ene zmeni\u0165 v polo\u017eke „Advanced settings“<\/p>\n\n\n\n<\/figure>\n\n\n\n
Security.AccountLockFailures – Ur\u010duje po\u010det ne\u00faspe\u0161n\u00fdch prihl\u00e1sen\u00ed po ktor\u00fdch d\u00f4jde k zablokovaniu \u00fa\u010dtu. Zadan\u00edm 0 d\u00f4jde k vypnutiu blokovania \u00fa\u010dtu. (Predvolen\u00e1 hodnota 5)<\/li>
Security.AccountUnlockTime – Ur\u010duje \u010das po ktorom sa odomkne zablokovan\u00fd \u00fa\u010det. (Predvolen\u00e1 hodnota 900)<\/li>
Security.PasswordHistory – Hist\u00f3ria hesiel zamedzuj\u00faca zmene expirovan\u00e9ho hesla na rovnak\u00e9 povodne heslo. Vypnutie tejto mo\u017enosti je mo\u017ene zadan\u00edm 0. (Predvolen\u00e1 hodnota 0)<\/li>
Security.PasswordMaxDays – Ur\u010duje dl\u00e1\u017eku platnosti hesla. (Predvolen\u00e1 hodnota 99999)<\/li>
Security.PasswordQualityControl – Definuje politiku ur\u010denia sily hesla. (Predvolen\u00e1 hodnota retry=3 min=disabled,disabled,disabled,7,7) <\/li><\/ul>\n\n\n\n
Parameter min=disabled,disabled,disabled,7,7 je rozdelen\u00fd na mo\u017enosti N0-N4:<\/p>\n\n\n\n
N0 – Po\u010det znakov ktor\u00fd je potrebn\u00fd ak heslo obsahuje iba jeden druh znakov<\/li>
N1 – Po\u010det znakov ktor\u00fd je potrebn\u00fd ak heslo obsahuje dva druhy znakov v hesla (napr\u00edklad ve\u013ek\u00e9 a male p\u00edsmena)<\/li>
N2 – Po\u010det znakov ak heslo obsahuje fr\u00e1zu (slovn\u00edkov\u00e9 slovo)<\/li>
N3 – Po\u010det znakov ak heslo obsahuje tri druhy znakov (napr\u00edklad ve\u013ek\u00e9 p\u00edsmena, male p\u00edsmena \u010d\u00edsla)<\/li>
N4 – Po\u010det znakov ak heslo obsahuje v\u0161etky 4 mo\u017enosti znakov v hesle (napr\u00edklad ve\u013ek\u00e9 p\u00edsmena, male p\u00edsmena \u010d\u00edsla, \u0161peci\u00e1lne znaky) <\/li><\/ul>\n\n\n\n
Konfigur\u00e1ciu je mo\u017ene overi\u0165 v s\u00fabore:<\/p>\n\n\n\n
vi \/etc\/pam.d\/passwd<\/code><\/pre>\n\n\n\n<\/figure>\n
![\"\"](\"https:\/\/blog.mhasin.eu\/wp-content\/uploads\/2020\/01\/Capture-1.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/blog.mhasin.eu\/wp-content\/uploads\/2020\/01\/Password-complexity-settings-view-via-Putty-client-720x170-1.png\")
<\/figure>\n \t