3.5.7 Checking/Changing the Password Policy
Once the password policy is set for a local user account saved in the XSCF, the password policy applies to users added later. Use the showpasswordpolicy command to check the password policy that is currently set. After checking the password policy, if you want to change it, use the setpasswordpolicy command. Execute the setpasswordpolicy command with a user account that has the useradm privilege.
The setpasswordpolicy command sets the password policy with the following options.
Option | Password Policy | Content of Setting |
---|---|---|
-n | Mindays | Minimum number of days after a password change before the next time that the password can be changed. 0 indicates that the password can be changed anytime. |
-M | Maxdays | Maximum number of days that a password is valid |
-w | Warn | Number of days after a password expiration warning is issued before the password actually expires |
-i | Inactive | Number of days after the password expiration time before the account is locked out |
-e | Expiry | Number of days that the account remains valid |
-y | Retry | Number of permitted retries to change a password |
-k | Difok | Number of characters not included in the old password but to be included in the new password |
-m | Minlen | Minimum acceptable password length |
-d | Dcredit | A password that contains numeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of numeric characters included in the password. Here, you can set the maximum value for this decrease. |
-u | Ucredit | A password that contains uppercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of uppercase characters included in the password. Here, you can set the maximum value for this decrease. |
-l | Lcredit | A password that contains lowercase characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of lowercase characters included in the password. Here, you can set the maximum value for this decrease. |
-o | Ocredit | A password that contains non-alphanumeric characters can be shorter than the minimum acceptable password length (Minlen). The decreased number of characters is up to the number of non-alphanumeric characters included in the password. Here, you can set the maximum value for this decrease. |
-r | Remember | Number of passwords to be stored in the password history |
Operation Procedure
- Execute the showpasswordpolicy command to check the password policy.
```
XSCF> showpasswordpolicy
Mindays: 0
Maxdays: 90
Warn: 7
Inactive: -1
Expiry: 0
Retry: 5
Difok: 1
Minlen: 8
Dcredit: 0
Ucredit: 0
Lcredit: 0
Ocredit: 0
Remember: 4
```
- As necessary, execute the setpasswordpolicy command to change the settings of the password policy.
- The example below specifies the following:
  - A retry count of up to 3
  - A password length of 6 characters or more when the password contains 2 numeric characters. A password length of 8 characters or more when the password does not contain numeric characters
  - An expiration time of 60 days
  - 15 days ahead as the start date for warnings before the password expires
  - 3 as the number of passwords to remember

```
XSCF> setpasswordpolicy -y 3 -m 8 -d 2 -u 0 -l 0 -o 0 -M 60 -w 15 -r 3
```
- Execute the showpasswordpolicy command, and confirm the settings.
```
XSCF> showpasswordpolicy
Mindays: 0
Maxdays: 60
Warn: 15
Inactive: -1
Expiry: 0
Retry: 3
Difok: 1
Minlen: 8
Dcredit: 2
Ucredit: 0
Lcredit: 0
Ocredit: 0
Remember: 3
```
Note - The system password policy does not apply when a password is changed by the password command with another user specified in the user operand. When changing the password of another user, be sure to specify a password conforming to the system password policy.
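Because the policy is not enforced when an administrator sets another user's password, the length rule can be checked by hand before the change. The following is an added example, not part of the original manual or the XSCF firmware: it parses captured showpasswordpolicy output and applies the Minlen and credit rule exactly as the table above describes it. The function names are hypothetical, the sample output is constructed from the values on this page, and Difok, Remember and any other firmware checks are not modelled.

```python
import re

# Constructed sample: the values shown on this page after setpasswordpolicy.
SAMPLE_OUTPUT = """\
Mindays: 0
Maxdays: 60
Warn: 15
Inactive: -1
Expiry: 0
Retry: 3
Difok: 1
Minlen: 8
Dcredit: 2
Ucredit: 0
Lcredit: 0
Ocredit: 0
Remember: 3
"""

CREDITS = ("Dcredit", "Ucredit", "Lcredit", "Ocredit")

def parse_policy(text):
    """Turn showpasswordpolicy output (one line or many) into {name: int}."""
    return {k: int(v) for k, v in re.findall(r"(\w+):\s*(-?\d+)", text)}

def effective_min_length(policy, password):
    """Minlen minus, per character class, min(chars of that class, its credit)."""
    counts = {
        "Dcredit": sum(c.isdigit() for c in password),
        "Ucredit": sum(c.isupper() for c in password),
        "Lcredit": sum(c.islower() for c in password),
        "Ocredit": sum(not c.isalnum() for c in password),
    }
    # Assumption: credits are non-negative, as in every example on this page.
    reduction = sum(min(n, max(policy.get(k, 0), 0)) for k, n in counts.items())
    return policy["Minlen"] - reduction

def length_ok(policy, password):
    """True if the candidate meets the length rule under the given policy."""
    return len(password) >= effective_min_length(policy, password)

def shortest_allowed(policy):
    """Lower bound on accepted length once every credit is fully used."""
    return policy["Minlen"] - sum(max(policy.get(k, 0), 0) for k in CREDITS)
```

With the policy set on this page, shortest_allowed returns 6, which is the real floor to weigh when choosing Minlen and the credit values.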