The password complexity policy for local users of the HCX Connector appliance determines the password format requirements on the basis of a specific set of rules.

Table 1. Default Password Complexity Policy for Local Users for the HCX Connector Appliance

Setting

Default

Description

dcredit

1

Maximum number of digits that will generate a credit

ucredit

1

Maximum number of uppercase characters that will generate a credit

lcredit

1

Maximum number of lowercase characters that will generate a credit

ocredit

1

Maximum number of other characters that will generate a credit

minlen 8

Minimum password length in character number

minclass

4

Minimum number of character types that must be used (that is, uppercase, lowercase, digits, other)

difok

4

Minimum number of characters that must be different from the old password

retry

3

Maximum number of retries

maxrepeat

0

Maximum number of times a single character may be repeated

remember

5

Maximum number of passwords the system remembers

Procedure

  1. Activate Secure Shell (SSH) on the HCX Connector appliance.

    1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 with a user account assigned the Admin role
    2. On the main navigation bar, click Appliance Summary.

    3. On the Appliance Summary page, under System Level Services, start the SSH Service.

  2. Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
  3. Switch to the root user by running the command.
    su -
  4. Back up the /etc/security/pwquality.conf and /etc/pam.d/system-password files by running the following command.

    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
    cp -p /etc/pam.d/system-password /etc/pam.d/system-password-`date +%F_%H:%M:%S`.back
  5. Configure the settings according to the requirements of your organization by running the following commands.

    sed -i -E 's/minlen=[-]?[0-9]+/minlen=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/lcredit=[-]?[0-9]+/lcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ocredit=[-]?[0-9]+/ocredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/dcredit=[-]?[0-9]+/dcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ucredit=[-]?[0-9]+/ucredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/minclass=[-]?[0-9]+/minclass=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/difok=[-]?[0-9]+/difok=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/retry=[-]?[0-9]+/retry=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/maxsequence=[-]?[0-9]+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/remember=[-]?[0-9]+/remember=<your_value>/g' /etc/pam.d/system-password
  6. Verify the configuration of the desired values by running the following command.

    cat /etc/security/pwquality.conf
    cat /etc/pam.d/system-password
  7. Deactivate SSH on the HCX Connector appliance.

    1. Log in to the HCX Connector at https://<hcx_connector_fqdn>:9443 again.
    2. Stop the SSH Service.