The password complexity policy for local users of the VMware Aria Operations appliances and the VMware Cloud Proxy appliances determines the password format requirements on the basis of an account-specific set of rules.

Table 1. Password Complexity for VMware Aria Operations

| Setting | Default Value | Description |
|---|---|---|
| dcredit | -1 | Maximum number of digits that generate a credit |
| ucredit | -1 | Maximum number of uppercase characters that generate a credit |
| lcredit | -1 | Maximum number of lowercase characters that generate a credit |
| ocredit | -1 | Maximum number of other characters that generate a credit |
| minlen | 8 | Minimum password length (number of characters) |
| minclass | 4 | Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
| difok | 4 | Minimum number of characters that must be different from the old password |
| retry | 3 | Maximum number of retries |
| maxrepeat | 0 | Maximum number of identical consecutive characters in the new password |
| remember | 5 | Maximum number of passwords the system remembers |

Procedure

  1. Log in to the primary VMware Aria Operations node by using a Secure Shell (SSH) client at <aria_operations_primary_node_fqdn> as root.
  2. Back up the /etc/security/pwquality.conf file for the appliance.
    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
  3. Configure the settings according to the requirements of your organization.
    sed -i -E 's/dcredit = [-]?[0-9]+$/dcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ucredit = [-]?[0-9]+$/ucredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/lcredit = [-]?[0-9]+$/lcredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/ocredit = [-]?[0-9]+$/ocredit = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/minlen = [-]?[0-9]+$/minlen = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/minclass = [-]?[0-9]+$/minclass = <your_value>/g' /etc/security/pwquality.conf
    sed -i -E 's/difok = [-]?[0-9]+$/difok = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat = <your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry = <your_value>/g' /etc/security/pwquality.conf
  4. Back up the /etc/security/pwhistory.conf file for the appliance.

    cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
  5. Enable password history enforcement for the root user, and update the remember setting, using values that meet the requirements of your organization.

    sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
    sed -i -E 's/remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
  6. Verify the values.

    cat /etc/security/pwquality.conf
    cat /etc/security/pwhistory.conf
  7. Repeat the procedure for the remaining VMware Aria Operations appliances and the VMware Cloud Proxy appliances.
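
An added check for step 6, not part of the VMware procedure: the sed commands in steps 3 and 5 change nothing when a line does not match, and an unanchored pattern such as `minlen = [-]?[0-9]+$` also rewrites a line that is still commented out, so this script compares the effective (uncommented) values with the expected ones. The function names, the sample file, and the expected values (the Table 1 defaults) are assumptions.

```shell
# Added example: audit the effective values after the sed edits in the procedure.
# effective_value FILE KEY: print the last uncommented "KEY = value" in FILE.
effective_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }              # commented lines are not in effect
        NF >= 2 {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# flag_enabled FILE FLAG: succeed if a bare option (enforce_for_root) is uncommented.
flag_enabled() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# audit FILE key=value...: print one line per deviation, return their count.
audit() {
    file=$1; shift; bad=0
    for pair in "$@"; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(effective_value "$file" "$key")
        if [ "$have" != "$want" ]; then
            echo "DEVIATION $file: $key is '${have:-unset}', expected '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample, not taken from an appliance: minlen is commented out and
# maxrepeat differs from the expected values (here the Table 1 defaults).
demo() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
dcredit = -1
ucredit = -1
# minlen = 8
minclass = 4
maxrepeat = 3
EOF
    audit "$tmp" dcredit=-1 ucredit=-1 minlen=8 minclass=4 maxrepeat=0
    rc=$?; rm -f "$tmp"; return "$rc"
}
demo || echo "deviations found: $?"
```

On an appliance, call `audit /etc/security/pwquality.conf minlen=<your_value> ...` and `flag_enabled /etc/security/pwhistory.conf enforce_for_root` with the values your organization requires.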