The password complexity policy for local users of the HCX Connector appliance determines the password format requirements on the basis of a specific set of rules.
Setting |
Default |
Description |
---|---|---|
|
1 | Maximum number of digits that will generate a credit |
|
1 |
Maximum number of uppercase characters that will generate a credit |
|
1 |
Maximum number of lowercase characters that will generate a credit |
|
1 |
Maximum number of other characters that will generate a credit |
minlen |
8 | Minimum password length in character number |
|
4 |
Minimum number of character types that must be used (that is, uppercase, lowercase, digits, other) |
|
4 |
Minimum number of characters that must be different from the old password |
|
3 |
Maximum number of retries |
|
0 |
Maximum number of times a single character may be repeated |
|
5 |
Maximum number of passwords the system remembers |
Procedure
-
Activate Secure Shell (SSH) on the HCX Connector appliance.
- Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user account assigned the Admin role
-
On the main navigation bar, click Appliance Summary.
-
On the Appliance Summary page, under System Level Services, start the SSH Service.
- Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
- Switch to the root user by running the command.
su -
Back up the /etc/security/pwquality.conf and /etc/pam.d/system-password files by running the following command.
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back cp -p /etc/pam.d/system-password /etc/pam.d/system-password-`date +%F_%H:%M:%S`.back
Configure the settings according to the requirements of your organization by running the following commands.
sed -i -E 's/minlen=[-]?[0-9]+/minlen=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/lcredit=[-]?[0-9]+/lcredit=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ocredit=[-]?[0-9]+/ocredit=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/dcredit=[-]?[0-9]+/dcredit=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ucredit=[-]?[0-9]+/ucredit=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/minclass=[-]?[0-9]+/minclass=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/difok=[-]?[0-9]+/difok=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/retry=[-]?[0-9]+/retry=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/maxsequence=[-]?[0-9]+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf sed -i -E 's/remember=[-]?[0-9]+/remember=<your_value>/g' /etc/pam.d/system-password
Verify the configuration of the desired values by running the following command.
cat /etc/security/pwquality.conf cat /etc/pam.d/system-password
-
Deactivate SSH on the HCX Connector appliance.
- Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 again.
- Stop the
SSH Service
.