How to change the password complexity requirements for the root account in Photon OS for the vCenter Server Appliance

Article ID: 307292

Products

VMware vCenter Server

Issue/Introduction

This article provides steps to change the password complexity requirements that apply when setting a new password for the root account, beyond the default settings, e.g. if required by specific company security policies.

Environment

VMware vCenter Server 8.0.x

Resolution

Note: Before taking any of the following steps, create a snapshot or backup of the vCenter Server Appliance (VCSA). If the VCSA is a member of an Enhanced Linked Mode (ELM) replication, be aware that offline snapshots (in powered off state) need to be created for all ELM nodes.

To edit the password complexity settings:

  1. Connect to the VCSA via SSH
  2. Log in using the root account
  3. Take a backup of the file /etc/pam.d/system-password:
    # cp /etc/pam.d/system-password /etc/pam.d/system-password.old
  4. Edit the file /etc/pam.d/system-password:
    # vi /etc/pam.d/system-password
  5. Find the following line:
    password  requisite   pam_pwquality.so  dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root
  6. Edit the parameters as required. See below for an explanation of each of these options:
    minlen  = establishes a measure of complexity related to the password length
    lcredit = sets the minimum number of required lowercase letters
    ucredit = sets the minimum number of required uppercase letters
    dcredit = sets the minimum number of required digits
    ocredit = sets the minimum number of required other characters
    difok   = sets the number of characters that must be different from those in the previous password
  7. Save and exit the vi editor:
    :wq
  8. Attempt to change the password based on the parameters set:
    # passwd root
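
Steps 3 to 6 can also be done without an interactive editor. The following is an added example, not part of the original article or a VMware-supplied script: the function names `get_pwq_option` and `set_pwq_option` are hypothetical, and the demo runs on a constructed temporary copy of the line from step 5, not on the live file.

```shell
#!/bin/sh
# Matches the active (uncommented) pam_pwquality password line.
PWQ_LINE='^[[:space:]]*password[[:space:]].*pam_pwquality\.so'

# get_pwq_option FILE KEY: print the value of KEY on the pam_pwquality line.
get_pwq_option() {
    grep -E "$PWQ_LINE" "$1" | head -n 1 | tr -s '[:space:]' '\n' |
        sed -n "s/^$2=//p"
}

# set_pwq_option FILE KEY VALUE: change (or append) KEY=VALUE on that line only.
set_pwq_option() {
    file=$1 key=$2 value=$3
    # Accept only option-like keys and integer values, so nothing unexpected
    # reaches the sed expression.
    case $key in ''|*[!a-z_]*) return 2 ;; esac
    case $value in ''|*[!0-9-]*) return 2 ;; esac
    grep -Eq "$PWQ_LINE" "$file" || return 1
    # Step 3: keep the first backup; never overwrite it on later runs.
    [ -e "$file.old" ] || cp -p "$file" "$file.old" || return 1
    if [ -n "$(get_pwq_option "$file" "$key")" ]; then
        edit="s/(^|[[:space:]])$key=[^[:space:]]*/\\1$key=$value/"
    else
        edit="s/[[:space:]]*\$/ $key=$value/"
    fi
    new=$(sed -E "/$PWQ_LINE/ $edit" "$file") || return 1
    # Write in place so the file keeps its owner and permissions.
    printf '%s\n' "$new" > "$file"
}

# Demo on a constructed sample file containing the line shown in step 5.
demo=$(mktemp)
printf '%s\n' 'password  requisite   pam_pwquality.so  dcredit=-1 ucredit=-1 lcredit=-1 ocredit=-1 minlen=6 difok=4 enforce_for_root' > "$demo"
set_pwq_option "$demo" minlen 14
grep pam_pwquality "$demo"
rm -f "$demo" "$demo.old"
```

On the appliance the target would be /etc/pam.d/system-password, and the backup lands at /etc/pam.d/system-password.old as in step 3.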