VMware Cloud Community
MCioe
Enthusiast

How can I set up pam_passwdqc on an ESXi host?

I would like to set the password complexity for the new accounts on my ESXi 5.0 (updated 2) host to be a minimum of 14 characters, and have at least 1 of each of the following: 1 upper case char, 1 digit, 1 lowercase char, 1 special char and no dictionary words (passphrases).

I updated the /etc/pam.d/passwd file to look like the following (changed the default min=8,8,8,7,6)

    password   requisite   /lib/security/$ISA/pam_passwdqc.so retry=3 min=disabled,disabled,disabled,disabled,14

I then go up to the VI Client and try to create a user on the host with this new complexity and it will only accept a password with a minimum of 30 characters.

When I set it to min=disabled,disabled,disabled,14,14 the min password length accepted was 18.

I started playing around and changed it to min=disabled,disabled,disabled,10,10 and that let me have a 15 char password.

Does anyone know what is going on here?  I'm not sure if this is an ESXi problem or a pam module problem, but it appears the pam_passwdqc.so module behaves differently on ESXi 5.0 and ESX 3.5.  I tried the same thing on an ESX 3.5 Red Hat Linux host and it didn't work there either, but I got different results.

 

I appreciate any insight on this.

Maureen

0 Kudos

Accepted Solutions
MCioe
Enthusiast

I did figure out my issue on this.  The min=disabled,disabled,disabled,disabled,14 setting did ultimately work.

My best guess on the problem is that I was using a passphrase from the passphrase dictionary and needed more chars in the password to compensate for it.  When I switched to a more random set of strings it was fine.

One thing I did discover is that if the first char in the password is uppercase, it is not counted as an uppercase char; you need the uppercase chars to be in the middle of the password.

0 Kudos
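
A simplified model of how the `min=N0,N1,N2,N3,N4` fields and passwdqc's documented character-class counting interact, added here as an illustration; it is not code from the thread or from passwdqc itself. It assumes ASCII passwords and leaves out passphrases (N2) and the dictionary and pattern checks; the function names are made up for the example.

```python
import string

INF = float("inf")  # "disabled": no length is ever long enough

def parse_min(option):
    """Parse 'min=N0,N1,N2,N3,N4' into five thresholds."""
    key, _, value = option.partition("=")
    fields = value.split(",")
    if key != "min" or len(fields) != 5:
        raise ValueError("expected min=N0,N1,N2,N3,N4")
    mins = [INF if f == "disabled" else int(f) for f in fields]
    # Documented rule: each number must be no larger than the preceding one.
    if any(b > a for a, b in zip(mins, mins[1:])):
        raise ValueError("min values must not increase from left to right")
    return mins

def count_classes(pw):
    """Count character classes the way the passwdqc documentation describes:
    an upper-case first character and a digit as the last character are ignored."""
    counts = {"lower": 0, "upper": 0, "digit": 0, "other": 0}
    for ch in pw:
        if ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["other"] += 1
    if pw and pw[0] in string.ascii_uppercase:
        counts["upper"] -= 1
    if pw and pw[-1] in string.digits:
        counts["digit"] -= 1
    return sum(1 for n in counts.values() if n > 0)

def accepts(pw, option):
    """True if the length meets the threshold for the password's class count."""
    n0, n1, _n2, n3, n4 = parse_min(option)  # N2 (passphrases) is not modelled
    need = {1: n0, 2: n1, 3: n3, 4: n4}[max(count_classes(pw), 1)]
    return len(pw) >= need

# Constructed sample passwords, checked against the setting from the thread.
STRICT = "min=disabled,disabled,disabled,disabled,14"
for sample in ("Correct7horse!x", "cOrrect7horse!x", "cOrrecthorse!x7"):
    print(sample, count_classes(sample), accepts(sample, STRICT))
```

Under the strict setting only the second sample passes: the other two drop to three classes because their capital letter is first or their digit is last, and the three-class field is disabled.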