ESXi : set-password-policies

Information

Establish a password policy for password complexity.
ESXi uses the pam_passwdqc.so plug-in to set password strength and complexity. It is important to use passwords that are not easily guessed and that are difficult for password generators to determine. Password strength and complexity rules apply to all ESXi users, including root. They do not apply to Active Directory users when the ESX host is joined to a domain. Those password policies are enforced by AD.

http://pubs.vmware.com/vsphere-60/topic/com.vmware.vsphere.security.doc/GUID-DC96FFDB-F5F2-43EC-8C73-05ACDAE6BE43.html

Solution

# Set Security.PasswordQualityControl on each host.
# These values are an example.
Get-VMHost | Foreach { Set-VMHostAdvancedConfiguration -VMHost $_ -Name Security.PasswordQualityControl -Value "retry=3 min=8,8,8,7,6" }
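
To check hosts before or after applying the setting, the pam_passwdqc option string can be parsed and its min= lengths compared position by position against a baseline. This is an added example, not part of the original audit item: the function names, host names and sample values are constructed, and the baseline is assumed to be the example value above.

```powershell
# Added example. Function names, host names and sample values are constructed.
function ConvertFrom-PasswdqcOption {
    param([string]$Value)
    $opts = @{}
    foreach ($token in ($Value -split '\s+' | Where-Object { $_ })) {
        $name, $arg = $token -split '=', 2
        # min=N0,N1,N2,N3,N4 holds one minimum length per password kind;
        # "disabled" means that kind of password is rejected outright.
        if ($name -eq 'min') {
            $opts['min'] = @($arg -split ',')
        } else {
            $opts[$name] = $arg
        }
    }
    $opts
}

function Test-PasswdqcMin {
    param([string]$Actual, [string]$Baseline)
    $have = (ConvertFrom-PasswdqcOption $Actual)['min']
    $want = (ConvertFrom-PasswdqcOption $Baseline)['min']
    if ($null -eq $have -or $have.Count -ne 5) { return $false }  # missing or malformed
    for ($i = 0; $i -lt 5; $i++) {
        if ($have[$i] -eq 'disabled') { continue }       # stricter than any length
        if ($want[$i] -eq 'disabled') { return $false }  # baseline rejects this kind
        if ($have[$i] -notmatch '^\d+$' -or [int]$have[$i] -lt [int]$want[$i]) { return $false }
    }
    $true
}

$baseline = 'retry=3 min=8,8,8,7,6'   # the example value from the Solution above
$samples = [ordered]@{                # constructed host names and values
    'esx01.example' = 'retry=3 min=8,8,8,7,6'
    'esx02.example' = 'retry=3 min=disabled,disabled,disabled,7,7'
    'esx03.example' = 'retry=3 min=8,8,8,6,6'
}
foreach ($h in $samples.Keys) {
    [pscustomobject]@{
        Host      = $h
        Value     = $samples[$h]
        Compliant = Test-PasswdqcMin -Actual $samples[$h] -Baseline $baseline
    }
}
# Against live hosts (a connected PowerCLI session is assumed), feed in the real values:
# Get-VMHost | Get-AdvancedSetting -Name Security.PasswordQualityControl |
#   Select-Object Entity, Value, @{n='Compliant'; e={ Test-PasswdqcMin $_.Value $baseline }}
```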

See Also

https://www.vmware.com/content/dam/digitalmarketing/vmware/en/files/xls/vSphere_6_0_Hardening_Guide_GA_15_Jun_2015.xls

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(1)

Plugin: VMware

Control ID: 991d9dece9465b6266d816c280acc9114a0b9d9132bf798f11519c4e4a0852d0