Brocade Multi-Service IronWare Security Configuration Guid Uživatelský manuál stáhnout pdf (Strana 43)

Multi-Service IronWare Security Configuration Guide 25

53-1003035-02

Enabling strict password enforcement

Syntax: [no] enable strict-password-enforcement expiration early-warning-period days

The days variable specifies the number of days prior to password expiration of a user that a

notification of password expiration is printed at user login. The default is 10 days, the minimum is 1

day, and maximum is 365 days.

Once the early warning period is set, when the user successfully logs in within the early warning

period time frame, the following message is displayed: “password will expire in x day(s)”, where x is

the number of days remaining before the password expires.

Once the password is expired, the user is permitted a configurable amount of subsequent login

attempts. There is no limit on the time-period before requiring a new password. The only limit is the

number of subsequent login attempts allowed for that user.

To configure the maximum grace login attempts allowed for a user once the user’s password has

expired, enter the following:

Brocade(config)# enable strict-password-enforcement expiration

grace-login-attempts 2

Syntax: [no] enable strict-password-enforcement expiration grace-login-attempts times

The times variable specifies the maximum number of times a user can log in after password

expiration. The default is 3 times, the maximum is 3 times, and the minimum is 0 times.

The show user command can be used to display the expiration date or remaining grace logins as

shown in bold in the following:

Brocade(config)#show users

Username Password Encrypt Priv Status Expire Time/Grace Logins

=================================================================================

user1 $1$E81..sj4$Kv25UrYDLYHaSv.SQY8fB. enabled 0 enabled 90 days

user2 $1$Tm3..r91$O7l5L98/V7ivvRxgJKPNU0 enabled 0 enabled 90 days

user3 $1$Qn/..9n2$3lAwyrYolr2Pe.5x5wdYw. enabled 0 expired 1 grace

If the enable strict-password-enforcement command is enabled, users have up to three login

attempts. If a user fails to login after third attempts, that user is locked out (disabled).

To re-enable a user that has been locked out, perform one of the following tasks:

• Reboot the device to re-enable all disabled users.

• Enable the user by entering the following command.

Brocade(config)# username sandy enable

Syntax: [no] username name enable

The name variable specifies the username to be enabled.

1 2 ... 38 39 40 41 42 43 44 45 46 47 48 ... 369 370

Žádné komentáře

Brocade Multi-Service IronWare Security Configuration Guid Uživatelský manuál Strana 43