Configure the Local User Password Complexity Policy for the HCX Connector Appliance for Cross Cloud Mobility for VMware Cloud Foundation

The password complexity policy for local users of the HCX Connector appliance determines the password format requirements on the basis of a specific set of rules.

Table 1. Default Password Complexity Policy for Local Users for the HCX Connector Appliance
Setting	Default	Description
`dcredit`	`1`	Maximum number of digits that will generate a credit
`ucredit`	`1`	Maximum number of uppercase characters that will generate a credit
`lcredit`	`1`	Maximum number of lowercase characters that will generate a credit
`ocredit`	`1`	Maximum number of other characters that will generate a credit
`minlen`	`8`	Minimum password length in character number
`minclass`	`4`	Minimum number of character types that must be used (that is, uppercase, lowercase, digits, other)
`difok`	`4`	Minimum number of characters that must be different from the old password
`retry`	`3`	Maximum number of retries
`maxrepeat`	`0`	Maximum number of times a single character may be repeated
`remember`	`10`	Maximum number of passwords the system remembers

Procedure

Log in to the HCX Connector at <hcx_connector_fqdn>:22 as admin by using a Secure Shell (SSH) client.
Switch to the root user by running the command.
```
su -
```

Back up the /etc/security/pwquality.conf file by running the following command.

cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back

Configure the settings according to the requirements of your organization by running the following commands.

sed -i 's/^\s*#*\s*dcredit\s*=\s*[0-9]\+/dcredit=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*ucredit\s*=\s*[0-9]\+/ucredit=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*lcredit\s*=\s*[0-9]\+/lcredit=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*ocredit\s*=\s*[0-9]\+/ocredit=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*difok\s*=\s*[0-9]\+/difok=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry=<your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf

Back up the /etc/security/pwhistory.conf file for the appliance.

cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back

Enable enforcement for the root user, and update the remember settings, using values according to the requirements of your organization by running the following commands.

sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
sed -i -E 's/^# remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf

Verify the configuration of the desired values by running the following command.
```
cat /etc/security/pwquality.conf
cat /etc/security/pwhistory.conf
```
Repeat the procedure for any other HCX Connector appliances.