6.1 Setting the Password Policy
6.1 Setting the Password Policy
Passwords have limitations such as length and character type. Those password attributes conform to rules called the password policy.
The current password policy applies to every user account that is created. For this reason, check the current password policy, and adjust the password policy as needed before creating any user account.
The current password policy applies to every user account that is created. For this reason, check the current password policy, and adjust the password policy as needed before creating any user account.
- Execute the showpasswordpolicy command to check the password policy.
XSCF> showpasswordpolicy Mindays: 0 Maxdays: 99999 Warn: 7 Inactive: -1 Expiry: 0 Retry: 3 Difok: 3 Minlen: 9 Dcredit: 1 Ucredit: 1 Lcredit: 1 Ocredit: 1 Remember: 3 |
Display item | Description |
---|---|
Mindays | Minimum number of days after a password change before the next time that the password can be changed. 0 indicates that the password can be changed anytime. |
Maxdays | Maximum number of days that a password is valid |
Warn | Number of days after a password expiration warning is issued before the password actually expires |
Inactive | Number of days after the password expiration time before the account is locked out. The default value is -1. The value of -1 means that the account is not locked after the password expires. |
Expiry | Number of days that the account remains valid |
Retry | Number of permitted retries to change a password |
Difok | Number of characters to be included in the new password but are not included in the old password |
Minlen | Minimum acceptable password length |
Dcredit | A password that contains numeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of numeric characters included in the password. Here, you can set the maximum value for this decrease. |
Ucredit | A password that contains uppercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of uppercase characters included in the password. Here, you can set the maximum value for this decrease. |
Lcredit | A password that contains lowercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of lowercase characters included in the password. Here, you can set the maximum value for this decrease. |
Ocredit | A password that contains non-alphanumeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of non-alphanumeric characters included in the password. Here, you can set the maximum value for this decrease. |
Remember | Number of passwords to be stored in the password history |
- Execute the setpasswordpolicy command to set the password policy.
The setpasswordpolicy command sets the password policy with the following options.
Option | Password policy |
---|---|
-n |
Mindays |
-M |
Maxdays |
-w |
Warn |
-i |
Inactive |
-e |
Expiry |
-y |
Retry |
-k |
Difok |
-m |
Minlen |
-d |
Dcredit |
-u |
Ucredit |
-l |
Lcredit |
-o |
Ocredit |
-r |
Remember |
- The example below specifies the following:- A retry count of up to 3- A password length of 6 characters or more when the password contains 2 numeric characters. A password length of 8 characters or more when the password does not contain numeric characters- An expiration time of 60 days- 15 days ahead as the start date for warnings before the password expires- 3 as the number of passwords to remember
XSCF> setpasswordpolicy -y 3 -m 8 -d 2 -u 0 -l 0 -o 0 -M 60 -w 15 -r 3 |
- Execute the showpasswordpolicy command, and confirm the settings.
XSCF> showpasswordpolicy Mindays: 0 Maxdays: 60 Warn: 15 Inactive: -1 Expiry: 0 Retry: 3 Difok: 1 Minlen: 8 Dcredit: 2 Ucredit: 0 Lcredit: 0 Ocredit: 0 Remember: 3 |
< Previous Page | Next Page >