Wednesday, August 19, 2015

Change ESXi Password Complexity

1. Log in to the ESXi Shell and acquire root privileges.

2. Open the passwd file with the vi editor.

# vi /etc/pam.d/passwd

3. Edit the following line.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4

4. Save the file.

Example: Editing /etc/pam.d/passwd

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6

With this setting in effect, the password requirements are:

retry=3: A user is allowed 3 attempts to enter a valid password.

N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters

N1=8: Passwords containing characters from two character classes must be at least 8 characters long.
For example, lowercase and uppercase letters

N2=8: Passphrases must contain words that are each at least 8 characters long.

N3=7: Passwords containing characters from three character classes must be at least 7 characters long.
For example, lowercase, uppercase and numbers

N4=6: Passwords containing characters from all four character classes must be at least 6 characters long.

Note: To force a specific password complexity and disable all others, replace the other numbers with the word disabled. For example, to force passwords containing characters from all four character classes:

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,disabled,7
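
A check to run on the edited line before relying on it (an added example, not part of the original post; the function name audit_passwdqc is made up for illustration). It confirms that min= carries exactly five fields N0..N4, that each is a number or the word disabled, and that no number is larger than the one before it, which pam_passwdqc requires. A space after "min=" splits the option in two and is reported as well.

```shell
#!/bin/sh
# Added example: audit the min= option of a pam_passwdqc line.
# audit_passwdqc LINE -> prints a verdict; returns 0 only if min= is well-formed.
audit_passwdqc() {
    line=$1
    min=
    seen=0
    # PAM treats each whitespace-separated token as one option.
    for tok in $line; do
        case $tok in
            min=*) min=${tok#min=}; seen=1 ;;
        esac
    done
    [ "$seen" -eq 1 ] || { echo "FAIL: no min= option"; return 1; }
    [ -n "$min" ] || { echo "FAIL: min= is empty (space after '='?)"; return 1; }
    # Split the value on commas into N0..N4.
    old_ifs=$IFS
    IFS=,
    set -- $min
    IFS=$old_ifs
    [ $# -eq 5 ] || { echo "FAIL: expected 5 fields N0..N4, got $#"; return 1; }
    prev=
    for f in "$@"; do
        case $f in
            disabled) ;;                      # this kind of password is not allowed
            ''|*[!0-9]*) echo "FAIL: bad field '$f'"; return 1 ;;
            *)
                # Each number must be no larger than the preceding number.
                if [ -n "$prev" ] && [ "$f" -gt "$prev" ]; then
                    echo "FAIL: $f is larger than preceding $prev"; return 1
                fi
                prev=$f ;;
        esac
    done
    echo "OK: min=$min"
}

# The two lines from this post, plus a constructed line with a stray space.
audit_passwdqc 'password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6'
audit_passwdqc 'password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,disabled,7'
audit_passwdqc 'password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min= disabled,disabled,disabled,disabled,7' || true
```

On the host itself, pass the live line with: audit_passwdqc "$(grep pam_passwdqc /etc/pam.d/passwd)"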