The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.
| Setting | Sample value | Description |
|---|---|---|
| dcredit | -1 | Maximum number of digits that generate a credit |
| ucredit | -1 | Maximum number of uppercase characters that generate a credit |
| lcredit | -1 | Maximum number of lowercase characters that generate a credit |
| ocredit | -1 | Maximum number of other characters that generate a credit |
| minlen | 8 | Minimum password length |
| minclass | 4 | Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
| difok | 4 | Minimum number of characters that must be different from the old password |
| retry | 3 | Maximum number of retries |
| maxrepeat | 0 | Maximum number of identical consecutive characters in the new password |
| remember | 5 | Maximum number of passwords the system remembers |

UI Procedure
- Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client.
- Back up the /etc/security/pwquality.conf file for the appliance.
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
- Configure the settings according to the requirements of your organization.
sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
- Back up the /etc/security/pwhistory.conf file for the appliance.
cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
- Enable password history enforcement for the root user, and update the remember setting by using a value that meets the requirements of your organization.
sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
- Verify the values.
cat /etc/security/pwquality.conf
cat /etc/security/pwhistory.conf
- Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.
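
The verification step can be scripted so that it checks which settings are actually in effect: a line that is still commented out has no effect, and the dcredit, ucredit, lcredit, ocredit, difok and remember substitutions above change only the number, not a leading `#`. The following is an added example, not VMware code; the function names and the sample file content are constructed for illustration, and the expected values are the sample values from the table.

```shell
#!/bin/sh
# Added example, not VMware code. Function names are hypothetical.

# Print the value of KEY ($2) from the last uncommented "KEY = value" line in
# FILE ($1). Prints nothing when the key is absent or only appears in a comment.
pw_effective() {
    sed -n -E "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*([^[:space:]#]+).*/\1/p" "$1" |
        tail -n 1
}

# Succeed only if the bare keyword FLAG ($2), such as enforce_for_root, is uncommented.
pw_flag_set() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# Compare FILE ($1) with "key=expected" pairs. Reports every setting that is
# unset, commented out, or different, and returns how many there were.
pw_audit() {
    file=$1; shift
    bad=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(pw_effective "$file" "$key")
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $file: $key is '${got:-unset}', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample, not copied from an appliance: dcredit and enforce_for_root
# are still commented out, so neither is in effect.
pw_sample() {
    printf '%s\n' '# dcredit = -1' 'ucredit = -1' 'minlen = 8' 'minclass = 4' \
        '# enforce_for_root' 'remember = 5' > "$1"
}

# Demo on the constructed sample, using the sample values from the table.
# On an appliance, pass /etc/security/pwquality.conf or pwhistory.conf instead.
tmp=$(mktemp)
pw_sample "$tmp"
pw_audit "$tmp" dcredit=-1 ucredit=-1 minlen=8 minclass=4 remember=5 ||
    echo "$? setting(s) need attention"
pw_flag_set "$tmp" enforce_for_root || echo "enforce_for_root is not active"
rm -f "$tmp"
```

A non-zero return from `pw_audit` means at least one setting differs from the value your organization requires or is not active at all.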
PowerShell Procedure
- Start PowerShell.
- Replace the values in the sample code and run the commands.
Note: Do not change the value for the product variable.
$sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
$sddcManagerUser = "[email protected]"
$sddcManagerPass = "VMw@re1!"
$product = "vrli"
$minLength = "10"
$minLowercase = "1"
$minUppercase = "1"
$minNumerical = "1"
$minSpecial = "1"
$minUnique = "5"
$minClass = "3"
$maxSequence = "3"
$history = "10"
$maxRetry = "3"
- To get the current configuration, run the command.
Request-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product $product
- To configure the local user password complexity policy, run the command.
Update-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product $product -minLength $minLength -lowercase $minLowercase -uppercase $minUppercase -numerical $minNumerical -special $minSpecial -unique $minUnique -class $minClass -sequence $maxSequence -history $history -retry $maxRetry