I would like to set the password complexity for the new accounts on my ESXi 5.0 (updated 2) host to be a minimum of 14 characters, and have at least 1 of each of the following: 1 upper case char, 1 digit, 1 lowercase char, 1 special char and no dictionary words (passphrases).
I updated the /etc/pam.d/passwd file to look like the following (changed the default min=8,8,8,7,6)
password requisite /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,disabled,14
I then go up to the VI Client and try to create a user on the host with this new complexity and it will only accept a password with a minimum of 30 characters.
When I set it to set min=disabled,disabled,disabled,14,14 the min password length accepted was 18.
I started playing around and changed it to min=disabled,disabled,disabled,10,10 and that let me have a 15 char password.
Does anyone know what is going on here? I'm not sure if this is an ESXi problem or a pam module problem, but it appears the pam_passwdqc.so module behaves differently on ESXi5.0 and ESX 3.5. I tried the same thing on an ESX 3.5 Red Hat Linux host and it didn't work there eitherr, but I got different results.
I appreciate any insight on this.
Maureen