Wednesday, October 22, 2014

How to Change Esxi Password Complexity

Change Default Password Complexity for the pam_passwdqc.so Plug-In in /etc/pam.d/passwd

How to edit the /etc/pam.d/passwd file

1 Log in to the ESXi Shell and acquire root privileges.

2 Open the passwd file with the vi editor.

# vi /etc/pam.d/passwd

3 Edit the following line.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4

4 Save the file.

Example: Editing /etc/pam.d/passwd

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

With this setting in effect, the password requirements are:

n retry=3: A user is allowed 3 attempts to enter a valid password.

N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters

N1=9: Passwords containing characters from two character classes must be at least 8 characters long.
For example, all lowercase or uppercase letters

N2=8: Passphrases must contain words that are each at least 8 characters long.
For example, lowercase, uppercase and numbers

N3=7: Passwords containing characters from three character classes must be at least 7 characters long.

N4=6: Passwords containing characters from all four character classes must be at least 6 characters long

No comments:

Post a Comment