Dell Brocade G620 Brocade 8.0.1 Fabric OS Administratiors Guide - Page 154
Password expiration policy
View all Dell Brocade G620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 154 highlights
Managing User Accounts password. The default value is 1, which means the current and one previous password cannot be reused. The value 2 indicates that the current and the two previous passwords cannot be used (and so on, up to 24 passwords). This policy does not verify that a new password meets a minimal standard of difference from prior passwords; rather, it only determines whether or not a newly specified password is identical to one of the specified number (1-24) of previously used passwords. The password history policy is not enforced when an administrator sets a password for another user; instead, the user's password history is preserved and the password set by the administrator is recorded in the user's password history. NOTE You can also use the -oldpasswd option to enable or disable old password check while changing the root password. Password expiration policy The password expiration policy forces the expiration of a password after a configurable period of time. The expiration policy can be enforced across all user accounts or on specified users only. A warning that password expiration is approaching is displayed when the user logs in. When a password expires, the user must change the password to complete the authentication process and open a user session. You can specify the number of days prior to password expiration during which warnings will commence. Password expiration does not disable or lock out the account. Use the following attributes to the passwdCfg command to set the password expiration policy: ∙ MinPasswordAge Specifies the minimum number of days that must elapse before a user can change a password. MinPasswordAge values range from 0 through 999. The default value is zero. Setting this parameter to a nonzero value discourages users from rapidly changing a password in order to circumvent the password history setting to select a recently used password. The MinPasswordAge policy is not enforced when an administrator changes the password for another user. ∙ MaxPasswordAge Specifies the maximum number of days that can elapse before a password must be changed, and is also known as the password expiration period. MaxPasswordAge values range from 0 through 999. The default value is zero. Setting this parameter to zero disables password expiration. ∙ Warning Specifies the number of days prior to password expiration that a warning about password expiration is displayed. Warning values range from 0 through 999. The default value is 0 days. NOTE When MaxPasswordAge is set to a nonzero value, MinPasswordAge and Warning must be set to a value that is less than or equal to MaxPasswordAge. Example of password expiration policies The following example configures a password expiration policy for the metoo user account. This user must change the password within 90 days of setting the current password and no sooner than 10 days after setting the current password. The user will start to receive warning messages 3 days before the 90-day limit, if the password is not already changed. switch:admin> passwdcfg --setuser metoo -minpasswordage 10 -maxpasswordage 90 -warning 3 The following example configures a password expiration policy for all users. switch:admin> passwdcfg --set -minpasswordage 5 -maxpasswordage 30 -warning 5 Brocade Fabric OS Administration Guide, 8.0.1 154 53-1004111-02