NSX CLI Guide

Associated Commands:

CLI Description	Command
Resets configured password complexity requirements to default Resets configured password complexity requirements to default.	clear password-complexity
Get API account lockout period Get the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts.	get auth-policy api lockout-period
Get API account lockout reset period In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero.	get auth-policy api lockout-reset-period
Get API maximum authentication faliures Get the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	get auth-policy api max-auth-failures
Get CLI account lockout period Get the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts.	get auth-policy cli lockout-period
Get CLI maximum authentication faliures Get the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	get auth-policy cli max-auth-failures
Get minimum allowable password length Get the minimum number of characters that passwords must have.	get auth-policy minimum-password-length
Get configured password complexity requirements Get configured password complexity requirements.	get password-complexity
Set API account lockout period Sets the amount of time, in seconds, that an account will remain locked out of the API after exceeding the maximum number of failed authentication attempts.	set auth-policy api lockout-period <lockout-period-arg>
Set API account lockout reset period In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period exprires, the failed login count is reset to zero.	set auth-policy api lockout-reset-period <lockout-reset-period-arg>
Set API maximum authentication faliures Set the number of failed API authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	set auth-policy api max-auth-failures <auth-failures-arg>
Set CLI account lockout period Sets the amount of time, in seconds, that an account will remain locked out of the CLI after exceeding the maximum number of failed authentication attempts. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified.	set auth-policy cli lockout-period <cli-lockout-period-arg>
Set CLI maximum authentication faliures Set the number of failed CLI authentication attempts that are allowed before the account is locked. If set to 0, account lockout is disabled.	set auth-policy cli max-auth-failures <cli-auth-failures-arg>
Set minimum allowable password length Set the minimum number of characters that passwords must have. The smallest value that can be set is 8.	set auth-policy minimum-password-length <password-length-arg>
Set auth-policy vidm properties Set the vidm's properties.	set auth-policy vidm hostname <hostname-or-ip-address> thumbprint <vidm-host-thumbprint-arg> client-id <vidm-client-id-arg> client-secret <vidm-client-secret-arg> node-hostname <hostname-or-ip-address>
Configure password complexity requirements Configure password complexity requirements. Minimum password length: minimum number of characters expected in password; user can not set their password of length lesser than this parameter. Default: 12, Minimum: 8, Maximum: 128 Maximum password length: maximum number of characters allowed in password; user can not set their password of length greater than this parameter. Default: 128, Minimum: 8, Maximum: 128 Lower characters: number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case character in the new password, i.e. this is the minimum number of lower case character that must be met for a new password. N > 0, to set maximum credit for having lower case character in the new password, i.e. per occurrence of lower case character in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N lower case characters. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Upper characters: number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case character in the new password, i.e. this is the minimum number of lower case characters that must be met for a new password. N > 0, to set maximum credit for having upper case characters in the new password, i.e. per occurrence of upper case character in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N upper case characters. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Numeric characters: number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e. this is the minimum number of digits that must be met for a new password. N > 0, to set maximum credit for having digits in the new password, i.e. per occurrence of digit in password will attribute additional credit of +1 towards meeting the current minimum password length value upto N digits. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Special characters: number of special characters (!@#$&..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e. this is the minimum number of special characters that must be met for a new password. N > 0, to set maximum credit for having special characters in the new password, i.e. per occurrence of special case character in password will attribute additional credit of +1 towards meeting the current minimum password length* value upto N special case characters.. N = 0, to disable the policy check. Default: -1, Minimum: -128, Maximum: 128 Minimum unique characters: number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Allowed similar consecutives: reject passwords which contain more than N same consecutive characters. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Allowed monotonic sequence: reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. Default: 0, Minimum: 0, Maximum: 128 Hash algorithm: sets hash/cryptographic algorithm type for new passwords. Default: sha512. Enum: [ sha512, sha256 ] Password remembrance: limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. Default: 0, Minimum: 0 Understanding PAM's maximum credit values with an example, consider password complexity configured as follows: Minimum password length: 12 Lower case characters: -1 Upper case characters: 2 Digits: -1 Special case characters: -1 above values represent a password to be atleast of length 12 (or credits) which should consist atleast 1 lower case character, atleast 1 digit, atleast 1 special case character and any number of upper case characters. If included, for first 2 upper case characters additional credit of +2 will be secured. Which signifies password having 1 upper case character with additional 10 or more characters of required complexity will be allowed to set where total password length would be 11 or more, password having 2 upper case characters with additional 8 or more characters of required complexity will be allowed to set where total password length would be 10 or more, whereas password with 3 upper case characters shall still require 7 or more characters with above minimum value requirements, as there's only maximum credit of 2 configured for upper case characters. Few valid passwords with respect to configured example complexity requirements: hivmware@123 - consists of required minimum 1 - lower case character, special case character, digit and overall length is 12 Hivmware@12 - consists of required minimum 1 - lower case character, special case character, digit; whereas length is 11 but inclusion of 1 upper case character attributes an extra +1 credit, hence password is valid HiVmware@1 - consists of required minimum 1 - lower case character, special case character, digit; whereas length is 10 but inclusion of 2 upper case characters attributes an extra +2 credit, hence password is valid whereas following passwords will be invalid: hivmware@12 - required length of 12 is not fulfilled hivmware1234 - required minimum 1 special case character is not fulfilled HiVMwar@1 - there are 3 upper case characters out which only maximum 2 characters will be considered for extra credit, third occurrence of upper case character will be attributed as 1 credit only, hence the overall credit score 11 does not fulfills complexity Note, passwords less than 8 characters are never allowed.	set password-complexity [<complexity-name> <complexity-value>]

Total commands: 16