By default, a 4.1 ESX server denies logins of standard users, while root access via ssh is enabled without problems. This has changed from 4.0 and has caused many headaches for those systems upgraded to 4.1.
Obviously, this is a security problem and something we do not want.
To protect your ESX server and restore standard user access, you have to replace the system-auth config file. In this event, an older 4.0 version of the file will do the job. Always remember to make a backup just in case something goes wrong (if it does and you don’t notice..you’re screwed, so pay attention)
paste this content inside the file:
# Autogenerated by esxcfg-auth
account required /lib/security/$ISA/pam_unix.so
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth required /lib/security/$ISA/pam_deny.so
password requisite pam_cracklib.so try_first_pass retry=3 dcredit=-1 ucredit=0 ocredit=-1 lcredit=-1 minlen=8
password required /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session required /lib/security/$ISA/pam_unix.so
You can now login to your 4.1 ESX server using standard login. Now go and harden your server!