1. Administrator's Guide
  2. System Administration
  3. Admin Security - Feature Set
  4. Password Policy
  5. Configuring Password Policy Properties

Configuring Password Policy Properties

To enforce the stronger password rules and restrictions that the Administrative Security ACP license it provides, you must enable the password-policy-strength parameter.
  1. Click the Configuration tab, click Security.
  2. Click Password Policy.
  3. In the Add Password Policy page, add values to the fields as described in the table below

    Table 3-8 Fields in the Add Password Policy page

    Field Description
    Min Secure Pwd Len Ignored when the Admin Security with the ACP feature is installed and the password-policy-strength is set to enabled.

    The default value is 8 (characters). The allowable values 8 through 64.
    Expiry Interval Specify the password lifetime in days. Password lifetime tracking begins when a password is changed. The default value is 90 (days). The allowable values are integers within the range 0 through 65535.
    Expiry Notify Period Specify the number of days before expiration that users will begin to receive password expiration notifications. The default value is 30 (days). The allowable values are integers within the range 1 through 90. During the notification period, users are reminded of the impending password expiry at login and logout.
    Grace Period Works in conjunction with grace-logins field.

    After the password expires, you are granted some number of logins (as specified in the grace-logins field) for some number of days (as specified in the graceperiod field).

    Once the number of grace-logins is exceeded, or graceperiod has expired, you are forced to change your password.

    The default value for grace-period is 30 (days). The allowable values for grace-period are integers within the range 1 through 90.
    Grace Logins Works in conjunction with grace-period field.

    See description for the grace-period field for more information.

    The default value for the grace-logins field is 3 (logins). The allowable values for the grace-logins field are integers within the range 1 through 10
    Password History Count Specify the number of previously used passwords retained in an encrypted format in the password history cache.

    The default value is 8. (retained passwords). The allowable values are integers within the range 1 through 24.

    By default, a user’s eight most recently expired passwords are retained in the password history. As the user’s current password is changed, the password is added to the history, replacing the oldest password entry. New, proposed passwords are evaluated against the contents of the password cache, to prevent password re-use, and guard against minimal password changes.
  4. Click OK.