The password complexity policy for local users of the VMware Aria Operations appliances and the VMware Cloud Proxy appliances determines the password format requirements on the basis of an account-specific set of rules.
Setting | Default Value |
Description |
---|---|---|
|
-1 |
Maximum number of digits that generate a credit |
|
-1 |
Maximum number of uppercase characters that generate a credit |
|
-1 |
Maximum number of lowercase characters that generate a credit |
|
-1 |
Maximum number of other characters that generate a credit |
|
8 |
Minimum password length (number of characters) |
|
4 |
Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
|
4 |
Minimum number of characters that must be different from the old password |
|
3 |
Maximum number of retries |
|
0 |
Maximum number of identical consecutive characters in the new password |
|
5 |
Maximum number of passwords the system remembers |
Procedure
- Log in to the primary VMware Aria Operations node by using a Secure Shell (SSH) client at <aria_operations_primary_node_fqdn> as root.
- Back up the /etc/security/pwquality.conf file for the appliance.
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
- Configure the settings according to the requirements of your organization.
sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/minlen = [-]?[0-9]+$/minlen = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/minclass = [-]?[0-9]+$/minclass = <your_value>/g' /etc/security/pwquality.conf sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
Back up the /etc/security/pwhistory.conf file for the appliance.
cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
Enable it for the root user, and update the
remember
settings, using values that meet the requirements of your organization.sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
Verify the values.
cat /etc/security/pwquality.conf cat /etc/security/pwhistory.conf
Repeat the procedure for the remaining VMware Aria Operations appliances and the VMware Cloud Proxy appliances.