NSX CLI Guide
set password-complexity [<complexity-name> <complexity-value>]
Configure password complexity requirements.
- Minimum password length: minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128
- Maximum password length: maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128
- Lower characters: number of lower case characters (a..z) expected in user password.
N < 0, to set minimum credit for having lower case character in the new password, i.e. this is the minimum number of lower case character that must be met for a new password.
N > 0, to set maximum credit for having lower case character in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N lower case characters.
N = 0, to disable the policy check.
Default: -1, Minimum: -128, Maximum: 128 - Upper characters: number of upper case characters (A..Z) expected in user password.
N < 0, to set minimum credit for having upper case character in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password.
N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N upper case characters.
N = 0, to disable the policy check.
Default: -1, Minimum: -128, Maximum: 128 - Numeric characters: number of digits (0..9) expected in user password.
N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password.
N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N digits.
N = 0, to disable the policy check.
Default: -1, Minimum: -128, Maximum: 128 - Special characters: number of special characters (!@#$&*..) expected in user password.
N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password.
N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N special case characters..
N = 0, to disable the policy check.
Default: -1, Minimum: -128, Maximum: 128 - Minimum unique characters: number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128
- Allowed similar consecutives: reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128
- Allowed monotonic sequence: reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128
- Hash algorithm: sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ]
- Password remembrance: limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0
- Minimum password length: 12
- Lower case characters: -1
- Upper case characters: 2
- Digits: -1
- Special case characters: -1
If included, for first 2 upper case characters additional credit of +2 will be secured.
Which signifies password having 1 upper case character with additional 10 or more characters of required complexity will be allowed to set where total password length would be 11 or more,
password having 2 upper case characters with additional 8 or more characters of required complexity will be allowed to set where total password length would be 10 or more,
whereas password with 3 upper case characters shall still require 7 or more characters with above minimum value requirements, as there's only maximum credit of 2 configured for upper case characters.
Few valid passwords with respect to configured example complexity requirements:
- hivmware@123 - consists of required minimum 1 - lower case character, special case character, digit and overall length is 12
- Hivmware@12 - consists of required minimum 1 - lower case character, special case character, digit; whereas length is 11 but inclusion of 1 upper case character attributes an extra +1 credit, hence password is valid
- HiVmware@1 - consists of required minimum 1 - lower case character, special case character, digit; whereas length is 10 but inclusion of 2 upper case characters attributes an extra +2 credit, hence password is valid
whereas following passwords will be invalid:
- hivmware@12 - required length of 12 is not fulfilled
- hivmware1234 - required minimum 1 special case character is not fulfilled
- HiVMwar@1 - there are 3 upper case characters out which only maximum 2 characters will be considered for extra credit, third occurrence of upper case character will be attributed as 1 credit only, hence the overall credit score 11 does not fulfills complexity
Note, passwords less than 8 characters are never allowed.