Skip to main content

Account security policy settings

Use this information to understand and set the account security policy for your server.

The following information is a description of the fields for the security settings.
Force to change password on first access
After setting up a new user with a default password, selection of this checkbox will force that user to change their password the first time that the user logs in. The default value for this field is to have the checkbox enabled.
Complex password required
The option box is checked by default and the complex password must adhere to the following rules:
  • Only contain the following characters (no white-space characters allowed): A-Z, a-z, 0-9, ~`!@#$%^&*()-+={}[]|:;"'<>,?/._
  • Must contain at least one letter
  • Must contain at least one number
  • Must contain at least two of the following combinations:
    • At least one upper-case letter.
    • At least one lower-case letter.
    • At least one special character.
  • No other characters (in particular, spaces or white-space characters) are allowed
  • Passwords may have no more than two consecutive instances of the same character (i.e., “aaa”).
  • The password cannot be literary same as the user name, simply repeating the user name one or more times, or a reverse character order of the user name.
  • Passwords must be a minimum of 8 and a maximum of 255 characters long.
If the option box is not checked, the number specified in the minimum password length can be set as 0-255 characters. The account password may be blank if minimum password length is set as 0.
Password expiration period (days)
This field contains the maximum password age that is permitted before the password must be changed.
Password expiration warning period (days)
This field contains the number of days a user is warned before their password expires.
Minimum password length (characters)
This field contains the minimum length of the password.
Minimum password reuse cycle (times)
This field contains the number of previous passwords that cannot be reused.
Minimum password change interval (hours)
This field contains how long a user must wait between password changes.
Maximum number of login failures (times)
This field contains the number of failed login attempts that are allowed before the user is locked out for a period of time.
Lockout period after maximum login failures (minutes)
This field specifies how long (in minutes), the XClarity Controller subsystem will disable remote login attempts after the maximum number of login failures has been reached.