Account security policy settings
Use this information to understand and set the account security policy for your server.
The following information is a description of the fields for the security settings.
- Force to change password on first access
- After setting up a new user with a default password, selection of this checkbox will force that user to change their password the first time that the user logs in. The default value for this field is to have the checkbox enabled.
- Complex password required
- The option box is checked by default and the complex password must adhere to the following rules:
- Only contain the following characters (no white-space characters allowed): A-Z, a-z, 0-9, ~`!@#$%^&*()-+={}[]|:;"'<>,?/._
- Must contain at least one letter
- Must contain at least one number
- Must contain at least two of the following combinations:
- At least one upper-case letter.
- At least one lower-case letter.
- At least one special character.
- No other characters (in particular, spaces or white-space characters) are allowed
- Passwords may have no more than two consecutive instances of the same character (i.e., “aaa”).
- The password cannot be literary same as the user name, simply repeating the user name one or more times, or a reverse character order of the user name.
- Passwords must be a minimum of 8 and a maximum of 255 characters long.
- Password expiration period (days)
- This field contains the maximum password age that is permitted before the password must be changed.
- Password expiration warning period (days)
- This field contains the number of days a user is warned before their password expires.
- Minimum password length (characters)
- This field contains the minimum length of the password.
- Minimum password reuse cycle (times)
- This field contains the number of previous passwords that cannot be reused.
- Minimum password change interval (hours)
- This field contains how long a user must wait between password changes.
- Maximum number of login failures (times)
- This field contains the number of failed login attempts that are allowed before the user is locked out for a period of time.NoteWhen the maximum number of login failures has been reached, a warning message will be displayed at the next login attempt.
- Lockout period after maximum login failures (minutes)
- This field specifies how long (in minutes), the XClarity Controller subsystem will disable remote login attempts after the maximum number of login failures has been reached.
Give documentation feedback