The password complexity policy for local users of the VMware Aria Automation appliances determines the password format requirements on the basis of an account-specific set of rules. By default, the password complexity settings are not present on VMware Aria Automation appliance. You must append the settings to the configuration file.
Setting |
Sample Value |
Description |
---|---|---|
|
0 |
Maximum number of digits that generate a credit |
|
0 |
Maximum number of uppercase characters that generate a credit |
|
0 |
Maximum number of lowercase characters that generate a credit |
|
0 |
Maximum number of other characters that generate a credit |
|
8 |
Minimum password length (number of characters) |
|
0 |
Minimum number of character types that must be used (for example, uppercase, lowercase, digits, and so on) |
|
1 |
Minimum number of characters that must be different from the old password |
|
3 |
Maximum number of retries |
|
0 |
Maximum number of times a single character can be repeated |
|
10 |
Maximum number of passwords the system remembers |
Procedure
- Log in to the primary VMware Aria Automation node by using a Secure Shell (SSH) client at <aria_automation_primary_node_fqdn>:22 as root.
Back up the /etc/security/pwquality.conf file for the appliance.
cp -p /etc/security/pwquality.conf /etc/security/pwquality.conf-`date +%F_%H:%M:%S`.back
- Configure the settings according to the requirements of your organization.
sed -i 's/^\s*#*\s*dcredit\s*=\s*[0-9]\+/dcredit=
<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*ucredit\s*=\s*[0-9]\+/ucredit=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*lcredit\s*=\s*[0-9]\+/lcredit=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*ocredit\s*=\s*[0-9]\+/ocredit=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*minlen\s*=\s*[0-9]\+/minlen=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*minclass\s*=\s*[0-9]\+/minclass=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*difok\s*=\s*[0-9]\+/difok=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*retry\s*=\s*[0-9]\+/retry=<your_value>
/g' /etc/security/pwquality.conf sed -i 's/^\s*#*\s*maxrepeat\s*=\s*[0-9]\+/maxrepeat=<your_value>
/g' /etc/security/pwquality.conf Back up the /etc/security/pwhistory.conf file for the appliance.
cp -p /etc/security/pwhistory.conf /etc/security/pwhistory.conf-`date +%F_%H:%M:%S`.back
Enable enforcement for the root user, and update the
remember
settings, using values according to the requirements of your organization by running the following commands.sed -i 's/^# enforce_for_root/enforce_for_root/' /etc/security/pwhistory.conf sed -i -E 's/^# remember = [-]?[0-9]+$/remember =
<your_value>
/g' /etc/security/pwhistory.confVerify the configuration of the desired values by running the following command
cat /etc/security/pwquality.conf cat /etc/security/pwhistory.conf
Repeat the procedure for the remaining VMware Aria Automation appliances.