The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.

Table 1. Password Complexity Policy for VMware Aria Operations for Logs

Setting

Sample value

Description

dcredit

-1

Maximum number of digits that generate a credit

ucredit

-1

Maximum number of uppercase characters that generate a credit

lcredit

-1

Maximum number of lowercase characters that generate a credit

ocredit

-1

Maximum number of other characters that generate a credit

minlen

8

Minimum password length

minclass

4

Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on)

difok

4

Minimum number of characters that must be different from the old password

retry

3

Maximum number of reties

maxrepeat

0

Maximum number of identical consecutive characters in the new password

remember

5

Maximum number of passwords the system remembers

Procedure

  1. Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client .
  2. Back up the /etc/pam.d/system-password file for the appliance.
    cp -p /etc/pam.d/system-password /etc/pam.d/system-password-`date +%F_%H:%M:%S`.back
  3. Configure the settings according to the requirements of your organization.

    sed -i -E '/pam_pwquality.so/ s/$/ dcredit=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ ucredit=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ lcredit=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ ocredit=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ minlen=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ minclass=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ difok=<your_value>/' /etc/pam.d/system-password
    sed -i -E '/pam_pwquality.so/ s/$/ maxrepeat=<your_value>/' /etc/pam.d/system-password
  4. Add the configuration for the root user.

    sed -i '/pam_pwquality.so/s/$/ enforce_for_root/' /etc/pam.d/system-password
  5. Add the retry and remember settings, using values that meet the requirements of your organization, and enable it for the root user.

    sed -i '/pam_unix.so/i password  required pam_pwhistory.so use_authtok enforce_for_root remember=5 retry=3' /etc/pam.d/system-password
  6. Verify the values.
    cat /etc/pam.d/system-password
  7. Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.