Help Center > > User Guide> Managing Active Clusters> MRS Multi-User Permission Management> Modifying a Password Policy

Modifying a Password Policy

Updated at: Sep 12, 2019 GMT+08:00


This section describes how to set password and user login security rules as well as user lock rules. Password policies set on MRS Manager take effect for Human-machine users only, because the passwords of Machine-machine users are randomly generated. You have obtained a cluster with Kerberos authentication enabled or a normal cluster with the EIP function enabled.

If a new password policy needs to be used for a new user's password or the password modified by the user, perform the following operations to modify the password policy first and then follow instructions in Creating a User to create a user or Changing the Password of an Operation User to modify the password.

Modify password policies based on service security requirements, because they involve user management security. Otherwise, security risks may be caused.


  1. On MRS Manager, click System.
  2. Click Configure Password Policy.
  3. Modify password policies as prompted. For parameter details, see Table 1.

    Table 1 Password policy parameter description



    Minimum Password Length

    Indicates the minimum number of characters a password contains. The value ranges from 8 to 32. The default value is 8.

    Number of Character Types

    Indicates the minimum number of character types a password contains. The character types are uppercase letters, lowercase letters, digits, spaces, and special characters (~`!?,.:;-_'(){}[]/<>@#$%^&*+|\=). The value can be 3 or 4. The default value is 3, which means that a password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, special characters, and spaces.

    Password Validity Period (days)

    Indicates the validity period (days) of a password. The value ranges from 0 to 90. 0 means that the password is permanently valid. The default value is 90.

    Password Expiration Notification Days

    It is used to notify password expiration in advance. After the value is set, if the difference between the cluster time and the password expiration time is smaller than this value, the user receives password expiration notifications. When logging in to MRS Manager, the user will be notified that the password is about to expire and a message is displayed asking the user to change the password. The value ranges from 0 to X (X must be set to the half of the password validity period and rounded down). Value 0 indicates that no notification is sent. The default value is 5.

    Interval of Resetting Authentication Failure Count (min)

    Indicates the interval (minutes) of retaining incorrect password attempts. The value ranges from 0 to 1440. 0 indicates that incorrect password attempts are permanently retained and 1440 indicates that incorrect password attempts are retained for one day. The default value is 5.

    Number of Password Retries

    Indicates the number of consecutive wrong passwords allowed before the system locks the user. The value ranges from 3 to 30. The default value is 5.

    Account Lock Duration (min)

    Indicates the time period during which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. The default value is 5.

Did you find this page helpful?

Submit successfully!

Thank you for your feedback. Your feedback helps make our documentation better.

Failed to submit the feedback. Please try again later.

Which of the following issues have you encountered?

Please complete at least one feedback item.

Content most length 200 character

Content is empty.

OK Cancel