Configuring Password Policies
Scenarios
Based on service security requirements, you can set password security rules, user login security rules, and user locking rules on FusionInsight Manager.
- Modify password policies based on service security requirements, because they involve user management security. Otherwise, security risks may be caused.
- Change the user password after modifying the password policy, and then the new password policy can take effect.
Procedure
- Log in to FusionInsight Manager.
- Choose System > Permission > Security Policy > Password Policy.
- Modify the password policy as prompted.
For details about the parameters for modifying the password policy, see Table 1.
Table 1 Password policy parameters Parameter
Description
Minimum Password Length
Indicates the minimum number of characters a password contains. The value ranges from 8 to 64. The default value is 8.
Character Types
Indicates how many character types in the following 5 types a password can contain: uppercase letters, lowercase letters, digits, and special characters (including ~`!?,.:;-_'(){}[]/<>@#$%^&*+|\= and spaces). The value can be 4 or 5. The default value is 4, which means that a password can contain uppercase letters, lowercase letters, digits, and the special characters. If you set the parameter to 5, a password can contain all the five character types mentioned above.
Password Retries
Indicates the number of consecutive wrong password attempts allowed before the system locks the user. The value ranges from 3 to 30. Default value is 5.
User Lockup Time (Min)
Indicates the time period during which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. Default value is 5.
Password Validity Period (Day)
Indicates the validity period of a password. The value ranges from 0 to 90. 0 indicates that the password is permanently valid. The default value is 90.
Repetition Rule
When modifying a password, you are not allowed to use the password that has been used in the recent N times. N ranges from 1 to 5, and the default value is 1. This policy applies to only Human-machine users.
Password Expiration Notification Days
Indicates the number of days in advance users are notified that their passwords are about to expire. It is used to notify password expiration in advance. After the value is set, if the difference between the cluster time and the password expiration time is smaller than this value, the user receives password expiration notifications. When logging in to FusionInsight Manager, the user will be notified that the password is about to expire and a message is displayed asking the user to change the password. The value ranges from 0 to X (X must be set to the half of the password validity period and rounded down). The value 0 indicates that no notification is sent. The default value is 5.
Interval for Deleting Authentication Failure Records (Min)
Indicates the interval of retaining incorrect password attempts. The value ranges from 0 to 1440. 0 indicates that incorrect password attempts are permanently retained, and 1440 indicates that incorrect password attempts are retained for one day. Default value is 5.
- Click OK to save the configurations.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot