Updated on 2024-03-01 GMT+08:00

Modifying a Password Policy

Scenario

This section describes how to set password and user login security rules as well as user lock rules. Password policies set on MRS Manager take effect for Human-machine users only, because the passwords of Machine-machine users are randomly generated.

If a new password policy needs to be used for a new user's password or the password modified by the user, perform the following operations to modify the password policy first, and then create a user or change the password by following instructions in Creating a User or Changing the Password of an Operation User.

  • Because password policies are critical to user management security, modify them based on service security requirements. Otherwise, security risks may be incurred.
  • New password policies take effect only after both the password policies and user password are changed.

Procedure

  1. On MRS Manager, click System.
  2. Click Configure Password Policy.
  3. Modify password policies as prompted. For parameter details, see the following table:

    Table 1 Password policy parameter description

    Parameter

    Description

    Minimum Password Length

    Indicates the minimum number of characters a password contains. The value ranges from 8 to 32. The default value is 8.

    Number of Character Types

    Indicates the minimum number of character types a password contains. The character types are uppercase letters, lowercase letters, digits, spaces, and special characters (~`!?,.:;-_'(){}[]/<>@#$%^&*+|\=). The value can be 3 or 4. The default value 3 indicates that the password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, special characters, and spaces.

    Password Validity Period (days)

    Indicates the validity period (days) of a password. The value ranges from 0 to 90. 0 means that the password is permanently valid. The default value is 90.

    Password Expiration Notification Days

    Indicates the number of days in advance users are notified that their passwords are about to expire. After the value is set, if the difference between the cluster time and the password expiration time is smaller than this value, the user receives password expiration notifications. When a user logs in to MRS Manager, a message is displayed, indicating that the password is about to expire and asking the user whether to change the password. The value ranges from 0 to X (X must be set to the half of the password validity period and rounded down). Value 0 indicates that no notification is sent. The default value is 5.

    Interval of Resetting Authentication Failure Count (min)

    Indicates the interval of retaining incorrect password attempts, in minutes. The value ranges from 0 to 1440. 0 indicates that incorrect password attempts are permanently retained and 1440 indicates that incorrect password attempts are retained for one day. The default value is 5.

    Number of Password Retries

    Indicates the number of consecutive wrong passwords allowed before the system locks the user. The value ranges from 3 to 30. The default value is 5.

    Account Lock Duration (min)

    Indicates the time period for which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. The default value is 5.