Configure the Local User Password Complexity Policy for the Intelligent Logging and Analytics for VMware Cloud Foundation

The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.

Table 1. Password Complexity Policy for VMware Aria Operations for Logs
Setting	Sample value	Description
`dcredit`	`-1`	Maximum number of digits that generate a credit
`ucredit`	`-1`	Maximum number of uppercase characters that generate a credit
`lcredit`	`-1`	Maximum number of lowercase characters that generate a credit
`ocredit`	`-1`	Maximum number of other characters that generate a credit
`minlen`	`8`	Minimum password length
`minclass`	`4`	Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on)
`difok`	`4`	Minimum number of characters that must be different from the old password
`retry`	`3`	Maximum number of reties
`maxrepeat`	`0`	Maximum number of identical consecutive characters in the new password
`remember`	`5`	Maximum number of passwords the system remembers

Procedure

Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client .

Back up the /etc/security/pwquality.conf file for the appliance.

cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back

Configure the settings according to the requirements of your organization.

sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass = <your_value>/g' /etc/security/pwquality.conf
sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf
sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf

Back up the /etc/security/pwhistory.conf file for the appliance.

cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back

Enable it for the root user, and update the remember settings, using values that meet the requirements of your organization.

sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf

Verify the values.

cat /etc/security/pwquality.conf
cat /etc/security/pwhistory.conf

Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.