The password complexity policy for local users of the VMware Aria Operations for Logs appliance determines the password format requirements on the basis of an account-specific set of rules.

Table 1. Password Complexity Policy for VMware Aria Operations for Logs

| Setting | Sample value | Description |
|---|---|---|
| dcredit | -1 | Maximum number of digits that generate a credit |
| ucredit | -1 | Maximum number of uppercase characters that generate a credit |
| lcredit | -1 | Maximum number of lowercase characters that generate a credit |
| ocredit | -1 | Maximum number of other characters that generate a credit |
| minlen | 8 | Minimum password length |
| minclass | 4 | Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
| difok | 4 | Minimum number of characters that must be different from the old password |
| retry | 3 | Maximum number of retries |
| maxrepeat | 0 | Maximum number of identical consecutive characters in the new password |
| remember | 5 | Maximum number of passwords the system remembers |

UI Procedure

  1. Log in to VMware Aria Operations for Logs at <aria_operations_for_logs_fqdn>:22 as the root user by using a Secure Shell (SSH) client.
  2. Back up the /etc/security/pwquality.conf file for the appliance.
    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
  3. Configure the settings according to the requirements of your organization.

    sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
  4. Back up the /etc/security/pwhistory.conf file for the appliance.

    cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
  5. Enable password history enforcement for the root user, and update the remember setting, using values that meet the requirements of your organization.

    sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
    sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
  6. Verify the values.
    cat /etc/security/pwquality.conf
    cat /etc/security/pwhistory.conf
  7. Repeat the procedure for each of the remaining VMware Aria Operations for Logs appliances.
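
Added example, not part of the VMware procedure: `sed -i` exits successfully even when a pattern matches nothing, and the `-E` patterns in step 3 require single spaces around `=` and keep any leading `#`, so a setting can stay unchanged or commented out after the edit. The script below checks the active values against the sample values from Table 1; `get_setting`, `check_policy` and `sample_conf` are hypothetical helper names, and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example (not VMware code): flag settings that are not active at the expected value.

# get_setting FILE KEY: print the last uncommented value of KEY; return 1 if none.
get_setting() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ { next }                      # commented-out lines are inactive
        { k = $1; gsub(/[[:space:]]/, "", k) }         # tolerate any spacing around "="
        k == key { v = $2; gsub(/[[:space:]]/, "", v); found = 1 }
        END { if (!found) exit 1; print v }
    ' "$1"
}

# check_policy FILE KEY=EXPECTED...: print one line per deviation and
# return the number of deviations (0 means every listed key matches).
check_policy() {
    local file=$1 bad=0 pair key want have
    shift
    for pair in "$@"; do
        key=${pair%%=*}
        want=${pair#*=}
        if ! have=$(get_setting "$file" "$key"); then
            echo "$key: not set (missing or commented out), expected $want"
            bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "$key: $have, expected $want"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample file: lcredit has no spaces around "=" and ocredit is still
# commented out, so neither is active at the Table 1 value.
sample_conf() {
    printf '%s\n' 'difok = 4' 'minlen = 8' 'minclass = 4' 'dcredit = -1' \
        'ucredit = -1' 'lcredit=0' '# ocredit = -1' 'maxrepeat = 0' 'retry = 3'
}

# Demo on the sample; on an appliance pass /etc/security/pwquality.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
check_policy "$tmp" dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=8 \
    minclass=4 difok=4 retry=3 maxrepeat=0 || echo "deviations: $?"
rm -f "$tmp"
```

The same check applies to /etc/security/pwhistory.conf with `remember=<your_value>`.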

PowerShell Procedure

  1. Start PowerShell.
  2. Replace the values in the sample code and run the commands.
    Note: Do not change the value for the product variable.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io" 
    $sddcManagerUser = "[email protected]" 
    $sddcManagerPass = "VMw@re1!" 
    
    $product = "vrli"
    
    $minLength = "10" 
    $minLowercase = "1" 
    $minUppercase = "1" 
    $minNumerical = "1" 
    $minSpecial = "1" 
    $minUnique = "5" 
    $minClass = "3" 
    $maxSequence = "3" 
    $history = "10" 
    $maxRetry = "3"
  3. To get the current configuration, run the command.
    Request-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product $product
  4. To configure the local user password complexity policy, run the command.
    Update-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product $product -minLength $minLength -lowercase $minLowercase -uppercase $minUppercase -numerical $minNumerical -special $minSpecial -unique $minUnique -class $minClass -sequence $maxSequence -history $history -retry $maxRetry