Skip to main content

Account security policy settings

Use this information to understand and set the account security policy for your server.

Note
In a Flex System, the account security policy settings are managed by the Flex System Chassis Management Module (CMM) and cannot be modified through the XCC. When the CMM is used to configure the account security policy, make note of the following:
  • Unlike the XCC, the CMM does not have the Password expiration warning period (days) setting. When the Password expiration period is configured to be longer than 5 days in the CMM, the XCC will set the password expiration warning period to be 5 days. Conversely, if the setting is shorter than 5 days, the password expiration warning period will be the same as the value inputted in the Password expiration period.
  • For the Maximum number of login failures (times) setting, the range set forth in the CMM is 0-100 times. However, the range defined in the XCC is 0-10 times. Thus, when the user selects a value that exceeds 10 times in the CMM, the XCC will still set the maximum number of login failures as 10 times.
  • For the Minimum password change interval (hours) setting, the range set forth in the CMM is 0-1440 hours. However, the range defined in the XCC is 0-240 hours. Thus, when the user selects a value that exceeds 240 hours in the CMM, the XCC will still set the minimum password change interval to be 240 hours.
The following information is a description of the fields for the security settings.
Force to change password on first access
After setting up a new user with a default password, selection of this check box will force that user to change their password the first time that the user logs in. The default value for this field is to have the check box enabled.
Force default account password must be changed on next login
A manufacturing option is provided to reset the default USERID profile after the first successful login. When this check box is enabled, the default password must be changed before the account can be used. The new password is subject to all active password enforcement rules. The default value for this field is to have the check box enabled.
Complex password required
The option box is checked by default and the complex password must adhere to the following rules:
  • Only contain the following characters (no white-space characters allowed): A-Z, a-z, 0-9, ~`!@#$%^&*()-+={}[]|:;"'<>,?/._
  • Must contain at least one letter
  • Must contain at least one number
  • Must contain at least two of the following combinations:
    • At least one upper-case letter.
    • At least one lower-case letter.
    • At least one special character.
  • No other characters (in particular, spaces or white-space characters) are allowed
  • Passwords may have no more than two consecutive instances of the same character (i.e., “aaa”).
  • The password cannot be literary same as the user name, simply repeating the user name one or more times, or a reverse character order of the user name.
  • Passwords must be a minimum of 8 and a maximum of 32 characters long
If the option box is not checked, the number specified in the minimum password length can be set as 0–32 characters. The account password may be blank if minimum password length is set as 0.
Password expiration period (days)
This field contains the maximum password age that is permitted before the password must be changed.
Password expiration warning period (days)
This field contains the number of days a user is warned before their password expires.
Minimum password length
This field contains the minimum length of the password.
Minimum password reuse cycle
This field contains the number of previous passwords that cannot be reused. Up to ten previous passwords can be compared. Select 0 to allow the reuse of all previous passwords.
Minimum password change interval (hours)
This field contains how long a user must wait between password changes.
Maximum number of login failures (times)
This field contains the number of failed login attempts that are allowed before the user is locked out for a period of time.
Lockout period after maximum login failures (minutes)
This field specifies how long (in minutes), the XClarity Controller subsystem will disable remote login attempts after the maximum number of login failures has been reached.