3.5.2 Passwords and Password Policy
3.5.2 Passwords and Password Policy
When registering a user account locally in the XSCF, also register a password. A newly created user account does not have a set password. Therefore, until a password by the password command or a public key by Secure Shell (SSH) is set for the user, the user account cannot be used for login.
Passwords have limitations such as length and character type. Those password attributes conform to rules called the password policy. After you create a user account, the current password policy applies to the created user account. When you set the password policy again, the password policy applies to users added later. You can check the current password policy by executing the showpasswordpolicy command.
Table 3-5 shows the password policy setting items.
Passwords have limitations such as length and character type. Those password attributes conform to rules called the password policy. After you create a user account, the current password policy applies to the created user account. When you set the password policy again, the password policy applies to users added later. You can check the current password policy by executing the showpasswordpolicy command.
Table 3-5 shows the password policy setting items.
Setting Item | Meaning |
---|---|
Mindays | Minimum number of days after a password change before the next time that the password can be changed. 0 indicates that the password can be changed anytime. |
Maxdays | Maximum number of days that a password is valid |
Warn | Number of days after a password expiration warning is issued before the password actually expires |
Inactive | Number of days after the password expiration time before the account is locked out |
Expiry | Number of days that the account remains valid The default is 0. 0 means that the account will never expire. |
Retry | Number of permitted retries to change a password |
Difok | Number of characters not included in the old password but to be included in the new password |
Minlen | Minimum acceptable password length |
Dcredit | A password that contains numeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of numeric characters included in the password. Here, you can set the maximum value for this decrease. |
Ucredit | A password that contains uppercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of uppercase characters included in the password. Here, you can set the maximum value for this decrease. |
Lcredit | A password that contains lowercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of lowercase characters included in the password. Here, you can set the maximum value for this decrease. |
Ocredit | A password that contains non-alphanumeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of non-alphanumeric characters included in the password. Here, you can set the maximum value for this decrease. |
Remember | Number of passwords to be stored in the password history |
< Previous Page | Next Page >