1. Log in to the ESXi Shell and acquire root privileges.
2. Open the passwd file with the vi editor.
# vi /etc/pam.d/passwd
3. Edit the following line.
password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4
4. Save the file.
Example: Editing /etc/pam.d/passwd
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6
With this setting in effect, the password requirements are:
n retry=3: A user is allowed 3 attempts to enter a valid password.
N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters
N1=9: Passwords containing characters from two character classes must be at least 8 characters long.
For example, all lowercase or uppercase letters
N2=8: Passphrases must contain words that are each at least 8 characters long.
For example, lowercase, uppercase and numbers
N3=7: Passwords containing characters from three character classes must be at least 7 characters long.
N4=6: Passwords containing characters from all four character classes must be at least 6 characters long
Note: To force a specific password complexity and disable all others, replace the number with the word with disabled. For example,to force passwords containing characters from all four character classes:
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min= disabled,disabled,disabled,disabled,7
2. Open the passwd file with the vi editor.
# vi /etc/pam.d/passwd
3. Edit the following line.
password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4
4. Save the file.
Example: Editing /etc/pam.d/passwd
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=8,8,8,7,6
With this setting in effect, the password requirements are:
n retry=3: A user is allowed 3 attempts to enter a valid password.
N0=8: Passwords containing characters from one character class must be at least 8 characters long.
For example, all lowercase letters
N1=9: Passwords containing characters from two character classes must be at least 8 characters long.
For example, all lowercase or uppercase letters
N2=8: Passphrases must contain words that are each at least 8 characters long.
For example, lowercase, uppercase and numbers
N3=7: Passwords containing characters from three character classes must be at least 7 characters long.
N4=6: Passwords containing characters from all four character classes must be at least 6 characters long
Note: To force a specific password complexity and disable all others, replace the number with the word with disabled. For example,to force passwords containing characters from all four character classes:
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min= disabled,disabled,disabled,disabled,7
No comments:
Post a Comment