Configure the Local User Password Complexity Policy for NSX Edge

Define the password format requirements for local users on the NSX Edge appliance in VMware Cloud Foundation.
Setting | Default Value | Description
---|---|---
minlen | 15 | Minimum password length. If your password policy requires setting the minimum password length to a value greater than 20, you cannot use password rotation in SDDC Manager.
lcredit | -1 | Maximum number of lowercase characters that will generate a credit
ucredit | -1 | Maximum number of uppercase characters that will generate a credit
dcredit | -1 | Maximum number of digits that will generate a credit
ocredit | -1 | Maximum number of other characters that will generate a credit
difok | 0 | Minimum number of characters that must be different from the old password
retry | 3 | Maximum number of retries
UI Procedure
- If you are configuring an NSX Edge virtual appliance, open the appliance console by using the Web console in the vSphere Client.
  - Log in to the management domain vCenter Server at https://<management_vcenter_server_fqdn>/ui by using an account with Administrator privileges.
  - In the VMs and templates inventory, expand the management domain vCenter Server tree and expand the management domain data center.
  - Expand the VM folder containing the NSX Edge cluster for the management domain.
  - Select the first node of the NSX Edge cluster and click Launch web console.
- If you are configuring a bare-metal NSX Edge appliance, open the appliance console by using an out-of-band management interface, such as iLO or iDRAC.
- Log in to the NSX Edge node as root.
- Back up the password requirements for the appliance using the following command.
  cp -p /etc/pam.d/common-password /etc/pam.d/common-password-`date +%F_%H:%M:%S`.back
- Set these settings according to the requirements of your organization using the following commands.
  sed -i -E 's/minlen=[-]?[0-9]+/minlen=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/lcredit=[-]?[0-9]+/lcredit=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/ucredit=[-]?[0-9]+/ucredit=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/dcredit=[-]?[0-9]+/dcredit=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/ocredit=[-]?[0-9]+/ocredit=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/difok=[-]?[0-9]+/difok=<your_value>/g' /etc/pam.d/common-password
  sed -i -E 's/retry=[-]?[0-9]+/retry=<your_value>/g' /etc/pam.d/common-password
- Repeat this procedure on the remaining NSX Edge cluster nodes in the management domain.
- Repeat this procedure on all NSX Edge clusters in the VI workload domains.
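The sed commands above only rewrite a key that is already present in /etc/pam.d/common-password, and `sed -i` exits 0 even when its pattern matches nothing, so a drifted or missing setting can go unnoticed. The following verification script is an added example, not part of the VMware procedure; it reads the values back from the file, reports any key that is missing or differs from the intended policy, and flags a minlen above 20 because of the SDDC Manager password-rotation limitation. The common-password content it checks is a constructed sample; on a real node point it at /etc/pam.d/common-password.

```shell
#!/bin/sh
# Added example: verify that a PAM common-password file carries the intended
# complexity values after editing. Not from the VMware page.

# pam_get <file> <key>: print the value of key= on the first non-comment line
# that carries it (the leading whitespace keeps "credit" from matching "lcredit").
pam_get() {
    sed -n -E "s/^[^#]*[[:space:]]$2=(-?[0-9]+).*/\1/p" "$1" | head -n 1
}

# check_pam_policy <file> key=value ...: exit 0 when every key is present with
# the expected value, 1 otherwise; each problem is reported on stdout.
check_pam_policy() {
    file=$1; shift
    rc=0
    for kv in "$@"; do
        key=${kv%%=*}; want=${kv#*=}
        have=$(pam_get "$file" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (expected $want; sed -i would not have added it)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key=$have (expected $want)"; rc=1
        fi
    done
    # VCF caveat from the settings table: minlen above 20 disables rotation.
    ml=$(pam_get "$file" minlen)
    if [ -n "$ml" ] && [ "$ml" -gt 20 ]; then
        echo "WARN     minlen=$ml exceeds 20; SDDC Manager password rotation is unavailable"
    fi
    return $rc
}

# Constructed sample of a common-password file (hypothetical module line, not a
# real appliance file) so the script runs stand-alone.
SAMPLE=$(mktemp)
cat >"$SAMPLE" <<'EOF'
# constructed sample of /etc/pam.d/common-password
password requisite pam_cracklib.so retry=3 minlen=15 difok=0 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1
password required pam_unix.so sha512 shadow use_authtok
EOF

# Stand-alone run against the defaults from the settings table.
check_pam_policy "$SAMPLE" minlen=15 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=0 retry=3 \
    && echo "policy matches"
```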
PowerShell Procedure
You can use the PowerShell command for configuring the password complexity policies only on the NSX Edge nodes in VMware Cloud Foundation that are deployed by using SDDC Manager. For NSX Edge virtual appliances that are deployed manually and for bare-metal NSX Edge appliances, configure the policies manually according to the NSX-T Data Center documentation.
- Start Windows PowerShell.
- Replace the values in the sample code and run the commands in the PowerShell console.
  $sddcManagerFqdn = "sfo-vcf01.sfo.rainpole.io"
  $sddcManagerUser = "administrator@vsphere.local"
  $sddcManagerPass = "VMw@re1!"
  $sddcDomainName = "sfo-m01"
  $minLength = "15"
  $minLowercase = "-1"
  $minUppercase = "-1"
  $minNumerical = "-1"
  $minSpecial = "-1"
  $minUnique = "0"
  $maxRetry = "3"
- Perform the configuration by running the command in the PowerShell console.
  Update-NsxtEdgePasswordComplexity -server $sddcManagerFqdn -user $sddcManagerUser -pass $sddcManagerPass -domain $sddcDomainName -minLength $minLength -minLowercase $minLowercase -minUppercase $minUppercase -minNumerical $minNumerical -minSpecial $minSpecial -minUnique $minUnique -maxRetry $maxRetry
- Repeat this procedure for all NSX Edge clusters in the VI workload domains.