From VMware vSphere ESXi 6.0 Security Technical Implementation Guide
Part of SRG-OS-000480-VMM-002000
Associated with: CCI-000366
Systems must employ cryptographic hashes for passwords using the SHA-2 family of algorithms or FIPS 140-2 approved successors. The use of unapproved algorithms may result in weak password hashes more vulnerable to compromise.
To verify the password hash setting, run the following command: # grep -i "^password" /etc/pam.d/passwd | grep sufficient If sha512 is not listed, this is a finding.
To set the remember option, add or correct the following line in "/etc/pam.d/passwd": password sufficient /lib/security/$ISA/pam_unix.so use_authtok nullok shadow sha512 remember=5
Lavender hyperlinks in small type off to the right (of CSS
class id, if you view the page source) point to
globally unique URIs for each document and item. Copy the
link location and paste anywhere you need to talk
unambiguously about these things.
You can obtain data about documents and items in other
formats. Simply provide an HTTP header Accept:
text/turtle or
Accept: application/rdf+xml.
Powered by sagemincer