User management
Proper user management is a vital component of a secure environment. To be able to manage vSphere in a secure manner, administrators are expected to know and understand the logic behind users, groups, as well as roles and permissions in vCenter and ESXi.
The following sections focus on items mentioned earlier and the authentication process in general.
Authentication
When vCenter Server connects to ESXi, it authenticates the host using Pluggable Authentication Modules (PAM). PAM's configuration, including paths to authentication modules, is stored at /etc/pam.d/system-auth-generic. vCenter establishes a connection with the VMware Host Agent process. By default, the local password database is used for authentication.
vCenter Server users connect to the Host Agent process via ports TCP/80 and TCP/443. The client sends the username and password to the host process. The Host Agent process, in turn, passes these credentials to the PAM module, which performs authentication.
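The following added example (not from the original text or from VMware) parses rules written in the standard Linux-PAM syntax and reports which modules make up the auth stack, as one would when reviewing /etc/pam.d/system-auth-generic. The sample rules are constructed for illustration and are not the contents of a real ESXi host's file; parse_pam, auth_modules and findings are hypothetical helper names.

```python
import os
import re

# Constructed sample in generic Linux-PAM syntax; NOT copied from an ESXi host.
SAMPLE = """\
#%PAM-1.0
auth     required    /lib/security/$ISA/pam_unix.so nullok
account  required    /lib/security/$ISA/pam_unix.so
password requisite   /lib/security/$ISA/pam_passwdqc.so retry=3
password sufficient  /lib/security/$ISA/pam_unix.so use_authtok \\
                     shadow sha512
auth     [success=1 default=ignore] pam_succeed_if.so uid >= 1000 quiet
"""

# Rule layout: type, control (keyword or [bracketed list]), module path, arguments
RULE = re.compile(
    r"^-?(auth|account|password|session)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse_pam(text):
    """Return the rules as dicts with keys type, control, module, args."""
    text = text.replace("\\\n", " ")           # join continuation lines
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()    # drop comments and blank lines
        m = RULE.match(line)
        if m:
            kind, control, path, args = m.groups()
            rules.append({"type": kind, "control": control,
                          "module": os.path.basename(path),
                          "args": args.split()})
    return rules

def auth_modules(rules):
    """Modules consulted, in order, when credentials are checked."""
    return [r["module"] for r in rules if r["type"] == "auth"]

def findings(rules):
    """Flag auth rules that weaken password checking."""
    out = []
    for r in (r for r in rules if r["type"] == "auth"):
        if r["module"] == "pam_unix.so" and "nullok" in r["args"]:
            out.append("pam_unix.so nullok: empty passwords are accepted")
        if r["module"] == "pam_permit.so":
            out.append("pam_permit.so: always succeeds")
    return out

if __name__ == "__main__":
    parsed = parse_pam(SAMPLE)
    print("auth stack:", auth_modules(parsed))
    print("findings:", findings(parsed))
```

A pam_unix.so entry in the auth stack corresponds to the local password database mentioned above.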
VMware ESX is a...