By default, the storage servers do not implement any significant restrictions governing the complexity of system account passwords.
For example:
# /opt/oracle.cellos/host_access_control pam-auth --passwdqc N0,N1,N2,N3,N4
Replace N0,N1,N2,N3,N4 with a comma-separated set of five values. These five values collectively set the actual system password complexity policy.
N0 –Used for passwords consisting of only one character class (digits, lowercase characters, uppercase characters, and special characters). In general, this parameter is set to disabled because simple passwords are not secure.
N1 – Used for passwords consisting of two character classes that do not meet the requirements for a passphrase. For this rule to apply, the password must be at least N1 characters in length.
N2 – Used for passwords consisting of a passphrase. For this rule to apply, the password must be at least N2 characters in length and must meet the passphrase requirement.
N3 – Used for passwords consisting of at least three character classes. For this rule to apply, the password must be at least N3 characters in length.
N4 – Used for passwords consisting of at least four character classes. For this rule to apply, the password must be at least N4 characters in length.
To comply with U.S. Department of Defense security requirements, set the N0,N1,N2,N3,N4 parameters to disabled,disabled,disabled,disabled,15. This ensures that the only passwords that are accepted consist of at least four character classes (uppercase, lowercase, numeric, and special) and are at least 15 characters in length.
For example, to set password complexity that meets U.S. Department of Defense requirements, type:
# /opt/oracle.cellos/host_access_control pam-auth --passwdqc disabled,disabled,disabled,disabled,15
# /opt/oracle.cellos/host_access_control pam-auth --status | grep min=