HP StorageWorks 8/80 HP StorageWorks Fabric OS 6.2 administrator guide (5697-0 - Page 75

NOTE: If Virtual Fabrics mode is enabled, distributing the password database to switches is not supported. If the distribution command is entered from a pre-Fabric OS 6.2.0, switches running Fabric OS 6.2.0 will reject it. Protection of the local user database from distributions Fabric OS 5.2.0 and later allows you to distribute the user database and passwords to other switches in the fabric. When the switch accepts a distributed user database, it replaces the local user database with the user database it receives. By default, switches accept the user databases and passwords distributed from other switches. This section explains how to protect the local user database from being overwritten. Accepting distribution of user databases on the local switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the following command: fddCfg --localaccept PWD where PWD is the user database policy. Rejecting distributed user databases on the local switch 1. Connect to the switch and log in using an account assigned to the admin role. 2. Enter the following command: fddCfg --localreject PWD Password policies The password policies described in this section apply to the local switch user database only. Configured password policies (and all user account attribute and password state information) are synchronized across CPs and remain unchanged after an HA failover. Password policies can also be manually distributed across the fabric (see "Local account database distribution" on page 74). The following is a list of the configurable password policies: • Password strength • Password history • Password expiration • Account lockout All password policies are enforced during logins to the standby CP. However, you may observe that the password enforcement behavior on the standby CP is inconsistent with prior login activity because password state information from the active CP is automatically synchronized with the standby CP, thereby overwriting any password state information that was previously stored there. Also, password changes are not permitted on the standby CP. Password authentication policies configured using the passwdCfg command are not enforced during initial prompts to change default passwords. Password strength policy The password strength policy is enforced across all user accounts, and is applicable to a set of format rules to which new passwords must adhere. The password strength policy is enforced only when a new password is defined. The total of the other password strength policy parameters (lowercase, uppercase, digits, and punctuation) must be less than or equal to the value of the MinLength parameter. Use the following attributes to set the password strength policy: • Lowercase Specifies the minimum number of lowercase alphabetic characters that must appear in the password. The default value is zero. The maximum value must be less than or equal to the MinLength value. Fabric OS 6.2 administrator guide 75