HP StorageWorks 1606 Brocade Fabric OS Administrator's Guide v6.3.0 (53-100133 - Page 121
Password expiration policy, Account lockout policy, Virtual Fabric considerations
View all HP StorageWorks 1606 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 121 highlights
Password policies 5 Password expiration policy The password expiration policy forces expiration of a password after a configurable period of time, and is enforced across all user accounts. A warning that password expiration is approaching is displayed when the user logs in. When a user's password expires, he or she must change the password to complete the authentication process and open a user session. You can specify the number of days prior to password expiration during which warnings will commence. Password expiration does not disable or lock out the account. Use the following attributes to set the password expiration policy: • MinPasswordAge Specifies the minimum number of days that must elapse before a user can change a password. MinPasswordAge values range from 0 to 999. The default value is zero. Setting this parameter to a non-zero value discourages users from rapidly changing a password in order to circumvent the password history setting to select a recently-used password. The MinPasswordAge policy is not enforced when an administrator changes the password for another user. • MaxPasswordAge Specifies the maximum number of days that can elapse before a password must be changed, and is also known as the password expiration period. MaxPasswordAge values range from 0 to 999. The default value is zero. Setting this parameter to zero disables password expiration. • Warning Specifies the number of days prior to password expiration that a warning about password expiration is displayed. Warning values range from 0 to 999. The default value is 0 days. NOTE When MaxPasswordAge is set to a non-zero value, MinPasswordAge and Warning must be set to a value that is less than or equal to MaxPasswordAge. Account lockout policy The account lockout policy disables a user account when that user exceeds a specified number of failed login attempts, and is enforced across all user accounts. You can configure this policy to keep the account locked until explicit administrative action is taken to unlock it, or the locked account can be automatically unlocked after a specified period. Administrators can unlock a locked account at any time. A failed login attempt counter is maintained for each user on each switch instance. The counters for all user accounts are reset to zero when the account lockout policy is enabled. The counter for an individual account is reset to zero when the account is unlocked after a lockout duration period expires. The admin account can also have the lockout policy enabled on it. The admin account lockout policy is disabled by default and uses the same lockout threshold as the other roles. It can be automatically unlocked after the lockout duration passes or when it is manually unlocked by either a user account that has a securityAdmin or other Admin role. Virtual Fabric considerations: The home logical fabric context is used to validate user enforcement for the account lockout policy. The following commands are used to manage the account lockout policy. Fabric OS Administrator's Guide 79 53-1001336-01