Configure the pam_passwdqc.so plug-in to determine the basic standards all passwords must meet.

1

Log in to the ESXi Shell and acquire root privileges.

2

Open the passwd file with a text editor.

For example, vi /etc/pam.d/passwd

3

Edit the following line.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=N min=N0,N1,N2,N3,N4
4

Save the file.

password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=12,9,8,7,6

With this setting in effect, the password requirements are:

retry=3: A user is allowed 3 attempts to enter a sufficient password.

N0=12: Passwords containing characters from one character class must be at least 12 characters long.

N1=9: Passwords containing characters from two character classes must be at least nine characters long.

N2=8: Passphrases must contain words that are each at least eight characters long.

N3=7: Passwords containing characters from three character classes must be at least seven characters long.

N4=6: Passwords containing characters from all four character classes must be at least six characters long.