HP StorageWorks 4/256 HP StorageWorks Fabric OS 5.3.x administrator guide (569 - Page 71
Upgrade and downgrade considerations, How to set the account lockout policy, MinPasswordAge, Warning
View all HP StorageWorks 4/256 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 71 highlights
password history setting to select a recently-used password. The MinPasswordAge policy is not enforced when an administrator changes the password for another user. • MaxPasswordAge Specifies the maximum number of days that can elapse before a password must be changed, and is also known as the password expiration period. MaxPasswordAge values in range from 0 to 999. The default value is zero. Setting this parameter to zero disables password expiration. • Warning Specifies the number of days prior to password expiration that a warning about password expiration is displayed. Warning values range from 0 to 999. The default value is 0 days. NOTE: When MaxPasswordAge is set to a non-zero value, MinPasswordAge and Warning must be set to a value that is less than or equal to MaxPasswordAge. Upgrade and downgrade considerations If you are upgrading from a 5.0.x environment to 5.3.0, the existing password databases do not contain the state information that implements password expiration. So, when the password expiration policy is first set after an upgrade to 5.2.x, any user who has not changed their password will have their password expiration period set to the maximum password expiration period. You must explicitly define the password expiration for users who have not performed a password change subsequent to the upgrade. For example: • March 1st-Using a 5.0.x Fabric OS release. User A changes her password. • April 1-Upgrade to 5.3.0 • May 1-User B changes his password. • June 1-The password configuration parameter MaxPasswordAge is set to 90 days. User A's password will expire on September 1. User B's password will expire on August 1. How to set the account lockout policy The account lockout policy disables a user account when that user exceeds a specified number of failed login attempts, and is enforced across all user accounts. You can configure this policy to keep the account locked until explicit administrative action is taken to unlock it, or the locked account can be automatically unlocked after a specified period. Administrators can unlock a locked account at any time. A failed login attempt counter is maintained for each user on each switch instance. The counters for all user accounts are reset to zero when the account lockout policy is enabled. The counter for an individual account is reset to zero when the account is unlocked after a LockoutDuration period expires. Note that the account locked state is distinct from the account-disabled state. Use the following attributes to set the account lockout policy: • LockoutThreshold Specifies the number of times a user can attempt to login using an incorrect password before the account is locked. The number of failed login attempts is counted from the last successful login. LockoutThreshold values range from 0 to 999, and the default value is 0. Setting the value to 0 disables the lockout mechanism. • LockoutDuration Specifies the time, in minutes, after which a previously locked account is automatically unlocked. LockoutDuration values range from 0 to 99999, and the default value is 30. Setting the value to 0 disables lockout duration, and would require a user to seek administrative action to unlock the account. The lockout duration begins with the first login attempt after the LockoutThreshold has been reached. Subsequent failed login attempts do not extend the lockout period. Fabric OS 5.3.0 administrator guide 73