Configure the Local User Password Complexity Policy for the HCX Connector Appliance for Cloud-Based Workload Protection for VMware Cloud Foundation

The password complexity policy for local users of the HCX Connector appliance determines the password format requirements on the basis of a specific set of rules.

Table 1. Default Password Complexity Policy for Local Users for the HCX Connector Appliance
Setting	Default	Description
`dcredit`	`1`	Maximum number of digits that will generate a credit
`ucredit`	`1`	Maximum number of uppercase characters that will generate a credit
`lcredit`	`1`	Maximum number of lowercase characters that will generate a credit
`ocredit`	`1`	Maximum number of other characters that will generate a credit
`minlen`	`8`	Minimum password length in character number
`minclass`	`4`	Minimum number of character types that must be used (that is, uppercase, lowercase, digits, other)
`difok`	`4`	Minimum number of characters that must be different from the old password
`retry`	`3`	Maximum number of retries
`maxrepeat`	`0`	Maximum number of times a single character may be repeated
`remember`	`5`	Maximum number of passwords the system remembers

Procedure

Activate Secure Shell (SSH) on the HCX Connector appliance.
1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user account assigned the Admin role
2. On the main navigation bar, click Appliance Summary.
3. On the Appliance Summary page, under System Level Services, start the SSH Service.
Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
Switch to the root user by running the command.
```
su -
```

Back up the /etc/security/pwquality.conf and /etc/pam.d/system-password files by running the following command.

cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
cp -p /etc/pam.d/system-password /etc/pam.d/system-password-`date +%F_%H:%M:%S`.back

Configure the settings according to the requirements of your organization by running the following commands.

sed -i -E 's/minlen=[-]?[0-9]+/minlen=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/lcredit=[-]?[0-9]+/lcredit=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ocredit=[-]?[0-9]+/ocredit=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/dcredit=[-]?[0-9]+/dcredit=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ucredit=[-]?[0-9]+/ucredit=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/minclass=[-]?[0-9]+/minclass=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/difok=[-]?[0-9]+/difok=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/retry=[-]?[0-9]+/retry=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/maxsequence=[-]?[0-9]+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/remember=[-]?[0-9]+/remember=<your_value>/g' /etc/pam.d/system-password

Verify the configuration of the desired values by running the following command.
```
cat /etc/security/pwquality.conf
cat /etc/pam.d/system-password
```
Deactivate SSH on the HCX Connector appliance.
1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 again.
2. Stop the SSH Service.