Skip to main content

3.5.2 Passwords and Password Policy


3.5.2 Passwords and Password Policy
When registering a user account locally in the XSCF, also register a password. A newly created user account does not have a set password. Therefore, until a password by the password command or a public key by Secure Shell (SSH) is set for the user, the user account cannot be used for login.

Passwords have limitations such as length and character type. Those password attributes conform to rules called the password policy. After you create a user account, the current password policy applies to the created user account. When you set the password policy again, the password policy applies to users added later. You can check the current password policy by executing the showpasswordpolicy command.

Table 3-5 shows the password policy setting items.
Table 3-5  Password Policy Items
Setting Item Meaning
Mindays Minimum number of days after a password change before the next time that the password can be changed. 0 indicates that the password can be changed anytime.
Maxdays Maximum number of days that a password is valid
Warn Number of days after a password expiration warning is issued before the password actually expires
Inactive Number of days after the password expiration time before the account is locked out
Expiry Number of days that the account remains valid The default is 0. 0 means that the account will never expire.
Retry Number of permitted retries to change a password
Difok Number of characters not included in the old password but to be included in the new password
Minlen Minimum acceptable password length
Dcredit A password that contains numeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of numeric characters included in the password. Here, you can set the maximum value for this decrease.
Ucredit A password that contains uppercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of uppercase characters included in the password. Here, you can set the maximum value for this decrease.
Lcredit A password that contains lowercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of lowercase characters included in the password. Here, you can set the maximum value for this decrease.
Ocredit A password that contains non-alphanumeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of non-alphanumeric characters included in the password. Here, you can set the maximum value for this decrease.
Remember Number of passwords to be stored in the password history