The password complexity policy for local users of the VMware Aria Automation appliances determines the password format requirements on the basis of an account-specific set of rules. By default, the password complexity settings are not present on the VMware Aria Automation appliance. You must append the settings to the configuration file.

Table 1. Password Complexity Policy for VMware Aria Automation

| Setting | Sample Value | Description |
|---|---|---|
| dcredit | 0 | Maximum number of digits that generate a credit |
| ucredit | 0 | Maximum number of uppercase characters that generate a credit |
| lcredit | 0 | Maximum number of lowercase characters that generate a credit |
| ocredit | 0 | Maximum number of other characters that generate a credit |
| minlen | 8 | Minimum password length (number of characters) |
| minclass | 0 | Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
| difok | 1 | Minimum number of characters that must be different from the old password |
| retry | 3 | Maximum number of retries |
| maxrepeat | 0 | Maximum number of times a single character can be repeated |
| remember | 10 | Maximum number of passwords the system remembers |

Procedure

  1. Log in to the primary VMware Aria Automation node by using a Secure Shell (SSH) client at <aria_automation_primary_node_fqdn>:22 as root.
  2. Back up the /etc/security/pwquality.conf file for the appliance.

    cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
  3. Configure the settings according to the requirements of your organization.

    sed -i 's/^\s*#*\s*dcredit\s*=\s*[0-9]\+/dcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*ucredit\s*=\s*[0-9]\+/ucredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*lcredit\s*=\s*[0-9]\+/lcredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*ocredit\s*=\s*[0-9]\+/ocredit=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*difok\s*=\s*[0-9]\+/difok=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry=<your_value>/g' /etc/security/pwquality.conf
    sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat=<your_value>/g' /etc/security/pwquality.conf
    
  4. Back up the /etc/security/pwhistory.conf file for the appliance.

    cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
  5. Enable enforcement for the root user and update the remember setting according to the requirements of your organization by running the following commands.

    sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf
    sed -i -E 's/^# remember = [-]?[0-9]+$/remember = <your_value>/g' /etc/security/pwhistory.conf
  6. Verify that the desired values are configured by running the following commands.

    cat /etc/security/pwquality.conf
    cat /etc/security/pwhistory.conf
  7. Repeat the procedure for the remaining VMware Aria Automation appliances.
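
The sed substitutions in step 3 change nothing when a setting has no existing line in the file (the default state described at the top of this page) or when its current value is negative. The following is an added example, not VMware's procedure: the hypothetical helpers `set_conf_key`, `get_conf_key` and `apply_policy` rewrite a setting if it is present, append it otherwise, and then confirm the effective value, demonstrated on a constructed temporary file.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not part of the appliance).
# Sets KEY to VALUE in a pwquality.conf-style file: rewrites an active or
# commented-out "KEY = n" line if one exists, otherwise appends the setting.
set_conf_key() {
    file=$1 key=$2 value=$3
    # Accept integers only; credits may legitimately be negative.
    case $value in
        ''|-|*[!0-9-]*|?*-*) echo "bad value for $key: $value" >&2; return 2 ;;
    esac
    pat="^[[:space:]]*#*[[:space:]]*${key}[[:space:]]*=[[:space:]]*-\{0,1\}[0-9]\{1,\}[[:space:]]*\$"
    if grep -q "$pat" "$file"; then
        sed -i "s/${pat}/${key} = ${value}/" "$file"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Prints the effective (uncommented) value of KEY, or nothing if it is unset.
get_conf_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\(-\{0,1\}[0-9]\{1,\}\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Applies "key=value" pairs and fails if any setting did not take effect.
apply_policy() {
    file=$1; shift
    for pair in "$@"; do
        k=${pair%%=*}; v=${pair#*=}
        set_conf_key "$file" "$k" "$v" || return 1
        [ "$(get_conf_key "$file" "$k")" = "$v" ] || { echo "FAILED: $k" >&2; return 1; }
    done
}

# Demo on a constructed sample file; on an appliance, pass the real path
# only after taking the backup from step 2.
demo_conf=$(mktemp)
printf '%s\n' '# Constructed sample' '# minlen = 8' 'dcredit = 1' > "$demo_conf"
apply_policy "$demo_conf" minlen=8 dcredit=0 ucredit=0 difok=1 retry=3
cat "$demo_conf"
```

Because `set_conf_key` rejects non-integer input, a placeholder such as `<your_value>` left in by mistake is refused instead of being written to the file.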