The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.
Setting |
Sample value |
Description |
---|---|---|
|
-1 |
Maximum number of digits that generate a credit |
|
-1 |
Maximum number of uppercase characters that generate a credit |
|
-1 |
Maximum number of lowercase characters that generate a credit |
|
-1 |
Maximum number of other characters that generate a credit |
|
8 |
Minimum password length |
|
4 |
Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
|
4 |
Minimum number of characters that must be different from the old password |
|
3 |
Maximum number of reties |
|
0 |
Maximum number of identical consecutive characters in the new password |
|
5 |
Maximum number of passwords the system remembers |
Procedure
- Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client .
- Back up the /etc/security/pwquality.conf file for the appliance.
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
-
Configure the settings according to the requirements of your organization.
sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
-
Back up the /etc/security/pwhistory.conf file for the appliance.
cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
-
Enable it for the root user, and update the
remember
settings, using values that meet the requirements of your organization.sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
- Verify the values.
cat /etc/security/pwquality.conf cat /etc/security/pwhistory.conf
- Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.