Enabling a Minimum Password Complexity Requirement for Engines
Use the instructions in this topic to require a minimum level of complexity when users create a password to access the ExtremeControl engine, the ExtremeAnalytics engine, or the ExtremeCloud IQ Site Engine server via the Command Line Interface (CLI).
To enable the minimum complexity password requirement:
- Access the CLI through the ExtremeControl engine, the ExtremeAnalytics engine, or the ExtremeCloud IQ Site Engine server, depending on the system on which you are enabling password complexity requirements.
- Navigate to the
/opt/extreme/extras/folder. -
Enter
dpkg -i *.deb.
Minimum password requirements are enabled.paT NOTE: By default, the minimum password requirements are as follows:
- Minimum of 8 characters
- Cannot contain the same letters and numbers as the previous password in a different order (e.g. "password" and "wordpass"
- Cannot contain the same letters and numbers as the previous password with a changed case (e.g. "password" and "Password")
- At least three characters in the new password must not be present in the old password
- Modify the minimum password requirements, if necessary.
- Navigate to the
/etc/pam.d/folder. - Open the
common-passwordfile. - Change the
password requisiteline in the file to fit your needs:- lcredit — lower-case letter
- ucredit — upper-case letter
- dcredit — digit (number)
- ocredit — non-alphanumeric character (symbol)
- Add
enforce_for_rootto the password requisite line to also enforce these password requirements for the root user when the root user is setting passwords for other users.
For example, to create a password requirement of at least one upper-case letter, one lower-case letter, one digit, and one symbol and also require the root user to follow the password requirements, enter the following in the
password requisiteline:ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 enforce_for_root - Navigate to the