The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.

Table 1. Password Complexity Policy for VMware Aria Operations for Logs

| Setting | Default | Description |
|---|---|---|
| dcredit | -1 | Minimum number of numerical characters required. |
| ucredit | -1 | Minimum number of uppercase characters required. |
| lcredit | -1 | Minimum number of lowercase characters required. |
| ocredit | -1 | Minimum number of special characters required. |
| minlen | 8 | Minimum total number of characters required. |
| minclass | 4 | Minimum number of character classes required (e.g., uppercase, lowercase, numerical, special). |
| difok | 4 | Minimum number of unique characters different from the previous password. |
| retry | 3 | Maximum number of retries allowed. |
| maxrepeat | 0 | Maximum number of sequential characters allowed. |
| remember | 5 | Maximum number of previous passwords remembered. |

UI Procedure

  1. Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client.
  2. Back up the /etc/security/pwquality.conf file for the appliance.
    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
  3. Configure the settings according to the requirements of your organization.

    sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
  4. Back up the /etc/security/pwhistory.conf file for the appliance.

    cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
  5. Enable password history enforcement for the root user, and update the remember setting, using values that meet the requirements of your organization.

    sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
    sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
  6. Verify the values.
    cat /etc/security/pwquality.conf
    cat /etc/security/pwhistory.conf
  7. Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.
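
The `sed` substitutions in steps 3 and 5 exit successfully even when their pattern matches nothing, and a match inside a commented line leaves the setting commented out, so the `cat` output in step 6 needs a careful read. The following added example (not VMware code) reports the effective value of each setting and counts the ones that do not match; the function names `effective_value` and `audit_conf`, and the value `on` reported for a bare keyword such as `enforce_for_root`, are assumptions of this example.

```shell
#!/bin/sh
# Added example (not VMware code). Function names are hypothetical.

# Print the effective value of KEY ($2) in FILE ($1): the last uncommented
# "KEY = value" line. A bare keyword (no "=") is reported as "on".
# Prints nothing when the key is absent or appears only in comment lines.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                      # whole-line comment
        {
            line = $0
            sub(/#.*/, "", line)                 # strip trailing comment
            n = index(line, "=")
            if (n == 0) { k = line; v = "on" }   # bare keyword
            else { k = substr(line, 1, n - 1); v = substr(line, n + 1) }
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v                # last assignment wins
        }
        END { if (val != "") print val }
    ' "$1"
}

# audit_conf FILE key=expected [key=expected ...]
# Prints one OK/FAIL line per key and returns the number of failures.
audit_conf() {
    file=$1; shift
    bad=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key = $got"
        else
            echo "FAIL  $key: expected $want, effective '${got:-unset}'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Usage on the appliance (the expected values here are placeholders):
#   audit_conf /etc/security/pwquality.conf minlen=15 minclass=3 dcredit=-1
#   audit_conf /etc/security/pwhistory.conf remember=10 enforce_for_root=on
```

A non-zero return from `audit_conf` means at least one setting is unset, commented out, or different from the value you intended.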

PowerShell Procedure

  1. Start PowerShell.
  2. Replace the values in the sample code and run the commands.

    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" 
    $sddcManagerUser = "[email protected]" 
    $sddcManagerPass = "VMw@re1!" 
    
    $minNumerical = "1" 
    $minUppercase = "1" 
    $minLowercase = "1" 
    $minSpecial = "1" 
    $minLength = "15" 
    $minClass = "3" 
    $minUnique = "5" 
    $maxRetry = "3"
    $maxSequence = "1"
    $history = "10" 
  3. To get the current configuration, run the command.
    Request-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vrli
  4. To configure the local user password complexity policy, run the command.

    Update-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vrli -numerical $minNumerical -uppercase $minUppercase -lowercase $minLowercase -special $minSpecial -minLength $minLength -unique $minUnique -class $minClass -retry $maxRetry -sequence $maxSequence -history $history
  5. Run the command in Step 3 to get the updated configuration.