The password complexity policy for local users of the VMware Aria Automation appliances determines the password format requirements on the basis of an account-specific set of rules. By default, the password complexity settings are not present on a VMware Aria Automation appliance. You must append the settings to the configuration file.
| Setting | Default | Description |
|---|---|---|
| dcredit | - | Minimum number of numerical characters required. |
| ucredit | - | Minimum number of uppercase characters required. |
| lcredit | - | Minimum number of lowercase characters required. |
| ocredit | - | Minimum number of special characters required. |
| minlen | 8 | Minimum total number of characters required. |
| minclass | - | Minimum number of character classes required (e.g., uppercase, lowercase, numerical, special). |
| difok | 1 | Minimum number of unique characters different from the previous password. |
| retry | 3 | Maximum number of retries allowed. |
| maxrepeat | - | Maximum number of sequential characters allowed. |
| remember | 10 | Maximum number of previous passwords remembered. |

UI Procedure
- Log in to the primary VMware Aria Automation node by using a Secure Shell (SSH) client at <aria_automation_primary_node_fqdn>:22 as root.
- Back up the /etc/security/pwquality.conf file for the appliance.
    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
- Configure the settings according to the requirements of your organization.
    sed -i 's/^\s*#*\s*dcredit\s*=\s*[0-9]\+/dcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*ucredit\s*=\s*[0-9]\+/ucredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*lcredit\s*=\s*[0-9]\+/lcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*ocredit\s*=\s*[0-9]\+/ocredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*difok\s*=\s*[0-9]\+/difok=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf
- Back up the /etc/security/pwhistory.conf file for the appliance.
    cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
- Enable enforcement for the root user and update the remember setting, using values according to the requirements of your organization, by running the following commands.
    sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
    sed -i -E 's/^# remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
- Verify the configuration of the desired values by running the following commands.
    cat /etc/security/pwquality.conf
    cat /etc/security/pwhistory.conf
- Repeat the procedure for the remaining VMware Aria Automation appliances.
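The sed commands above rewrite a setting only when a line for it already exists with an unsigned value, while the introduction notes that the settings may be absent and must be appended. The following added example (not VMware's code) shows a replace-or-append helper that also accepts negative values; the function names set_conf_key, get_conf_key and demo are hypothetical, and the file content it works on is constructed.

```shell
#!/bin/sh
# Added example, not VMware's code. set_conf_key, get_conf_key and demo are
# hypothetical helper names; the file content in demo is constructed.

# Set KEY to an integer VALUE in FILE: rewrite a commented or active
# "key = N" line (N may be negative), or append the line when none exists.
set_conf_key() {
    key=$1 value=$2 file=$3
    case ${value#-} in
        ''|*[!0-9]*) echo "not an integer: $value" >&2; return 2 ;;
    esac
    pat="^[[:space:]]*#*[[:space:]]*${key}[[:space:]]*=[[:space:]]*-\{0,1\}[0-9][0-9]*[[:space:]]*\$"
    if grep -q -e "$pat" "$file"; then
        tmp=$(mktemp) || return 1
        # Write back with cat so the file keeps its owner and mode.
        sed "s/${pat}/${key} = ${value}/" "$file" > "$tmp" && cat "$tmp" > "$file"
        rc=$?
        rm -f "$tmp"
        return "$rc"
    fi
    printf '%s = %s\n' "$key" "$value" >> "$file"
}

# Print the value of KEY only if an active (uncommented) line sets it.
get_conf_key() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9][0-9]*\)[[:space:]]*\$/\1/p" "$2" | tail -n 1
}

demo() {
    f=$(mktemp) || return 1
    # Constructed sample: a commented default, an active negative value,
    # an untouched commented line, and no minclass line at all.
    printf '# minlen = 8\ndcredit = -1\n# retry = 3\n' > "$f"
    set_conf_key minlen 15 "$f"    # commented default is activated
    set_conf_key dcredit -2 "$f"   # negative value is replaced in place
    set_conf_key minclass 3 "$f"   # missing key is appended
    cat "$f"
    rm -f "$f"
}

demo
```

On an appliance, point the helpers at /etc/security/pwquality.conf only after taking the backup from the earlier step; get_conf_key prints nothing for a key that is still commented out or missing.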
PowerShell Procedure
- Start PowerShell.
- Replace the values in the sample code and run the commands.
    $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
    $sddcManagerUser = "[email protected]"
    $sddcManagerPass = "VMw@re1!"
    $minNumerical = "1"
    $minUppercase = "1"
    $minLowercase = "1"
    $minSpecial = "1"
    $minLength = "15"
    $minClass = "3"
    $minUnique = "5"
    $maxRetry = "3"
    $maxSequence = "1"
    $history = "10"
- To get the current configuration, run the command.
    Request-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vra
- To configure the local user password complexity policy, run the command.
    Update-AriaLocalUserPasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -product vra -numerical $minNumerical -uppercase $minUppercase -lowercase $minLowercase -special $minSpecial -minLength $minLength -unique $minUnique -class $minClass -retry $maxRetry -sequence $maxSequence -history $history
- Run the command in Step 3 to get the updated configuration.