| Home Prev |  InCenter 2.2.5 On-Premises Administration Guide
|
Next |
|---|
The user password policy for InCenter is determined globally by a single predefined PasswordPolicy object.
The following are the PasswordPolicy object's properties:
Enabled
When set to a value of No, the password policy is not applied. The default value is Yes which means that all user passwords must conform to the policy parameters specified by the object.
MinimumPasswordLength
The minimum number of characters in passwords. The minimum allowed length is 4. The default value is 10.
PasswordExpiryInDays
The number of days before a user is prompted to change the current password. A value of zero (the default) means there is no expiry time and the current passwords can be used indefinitely.
HistoryCount
The number of password changes required after a password is changed before that same password can be reused again. The maximum value allowed is 30 changes before reuse. A value of zero (the default) means there is no limit on password reuse.
PasswordComplexity
If disabled, passwords can consist of any keyboard characters. If enabled (the default), a new password must contain all of the following:
At least one lowercase character.
At least one uppercase character.
At least one numeric character.
At least one character which is non-alphanumeric. For example, characters such as "?" or "!" or "*".
Changing the Password Policy
The following command is an example of changing the current password policy:admin@InCenter:/> set PasswordPolicy
MinimumPasswordLength=15
PasswordExpiryInDays=365
HistoryCount=24Disabling the Password Policy
Disabling the password policy (it is enabled by default) is done with the following command:admin@InCenter:/> set PasswordPolicy Enabled=NoBehavior of the Default Administrator Password
Even though the PasswordPolicy object is enabled by default, the predefined management user called admin still has the predefined weak password of admin and this will allow the administrator to log in.However, as soon as any change to the InCenter system is deployed, the admin user will be forced to change the password to one that conforms to the password policy on the next occasion they try to log in. This forced change can only be avoided by disabling the PasswordPolicy object.
Passwords Can Contain Spaces and Quotes
Passwords in InCenter follow the same rules as any other string value specified in the CLI. This means they contain spaces and quotes. For the rules of how strings can be specified, see Section 4.2, Specifying String Values.Switching the Password Policy to On from Off
If the PasswordPolicy object is disabled, then enabled later, any user that was created in-between with a non-conforming password will be prompted to change to a conforming password when that user next tries to log into the system.Upgrading From Older InCenter Versions
After upgrading from any InCenter version that lacks the password policy feature to a version that has it, the PasswordPolicy object is always disabled by default. The administrator must explicitly enable the object if its password requirements are to be applied.Password Display in the User Interfaces
For security, InCenter will not display passwords in the user interface. Instead, a number of asterisk characters will be displayed and the number will match the actual length of the password. This approach is also used with other types of sensitive information that is displayed by InCenter, for example with certificate data.