sorry
you try modify file /etc/pam.d/system-auth-generic
from
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 similar=deny match=0
to
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 enforce=none
Parameter match. This is a case and direction insensitive substring-matching function that is used to determine if a substring is common. Passwords aren't rejected for having common substrings, the substring value is just removed from consideration when calculating the number of different character classes, just as leading capitals and trailing digits are.
Parameter similar, which can be either similar=permit or similar=deny. The default is deny, which means the new password isn't allowed to be similar to the old password. Passwords are subject to the common substring test from match, and rejected if they're too similar. This stops users from using passwords similar to ones that may have been compromised. So, if the user's previous password was "mypass1" they wouldn't be allowed to use "mypass2" as their next password.
Parameter eneforce can have a value of none, users, or everyone. The default is enforce=everyone. none will warn of weak passwords only, but not enforce their rejection. users will enforce the restrictions for all non-root users on the system. everyone will enforce the restrictions for all users, including root.
This instruction is for ESX4i. Is it the same for ESX4? I can't find the common-password in the /etc/pam.d folder in esx4 version...
sorry
you try modify file /etc/pam.d/system-auth-generic
from
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 similar=deny match=0
to
password required /lib/security/$ISA/pam_passwdqc.so min=8,8,8,7,6 enforce=none
Parameter match. This is a case and direction insensitive substring-matching function that is used to determine if a substring is common. Passwords aren't rejected for having common substrings, the substring value is just removed from consideration when calculating the number of different character classes, just as leading capitals and trailing digits are.
Parameter similar, which can be either similar=permit or similar=deny. The default is deny, which means the new password isn't allowed to be similar to the old password. Passwords are subject to the common substring test from match, and rejected if they're too similar. This stops users from using passwords similar to ones that may have been compromised. So, if the user's previous password was "mypass1" they wouldn't be allowed to use "mypass2" as their next password.
Parameter eneforce can have a value of none, users, or everyone. The default is enforce=everyone. none will warn of weak passwords only, but not enforce their rejection. users will enforce the restrictions for all non-root users on the system. everyone will enforce the restrictions for all users, including root.