Password encryption policy – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02
Password policies
NOTE
Passwords can be a maximum of 40 characters in length.
Password encryption policy
Network OS supports encrypting the passwords of all existing user accounts by enabling password
encryption at the switch level. By default, the encryption service is disabled and passwords are
stored in clear-text.
When you enable password encryption, all existing clear-text passwords are encrypted, and any
passwords that are subsequently added in clear-text are stored in encrypted format.
In the following example, the testuser account password is created in clear-text after password
encryption has been enabled. The global encryption policy overrides the account-level encryption
settings. The password is stored as encrypted.
1. Issue the
urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the
password encryption.
TABLE 8 Password policy parameters (Continued)

Parameter
    Description

character-restriction numeric
    Specifies the minimum number of numeric characters that must occur in the password. The
    maximum value must be less than or equal to the Minimum Length value. The default value
    is zero, which means there is no restriction of numeric characters.

character-restriction special-char
    Specifies the minimum number of punctuation characters that must occur in the password.
    All printable, non-alphanumeric punctuation characters except the colon (:) are allowed.
    The value must be less than or equal to the Minimum Length value. The default value is
    zero, which means there is no restriction of punctuation characters.

    Characters added after an exclamation point are dropped. For example, if you use the
    password “first!second”, the password will become “first!”

    Special characters, such as backslash (\) and question mark (?), are not counted as
    characters in a password unless the password is specified within quotes.

min-length
    Specifies the minimum length of the password. Passwords must be from 8 through 32
    characters in length. The default value is 8. The total of the previous four parameters
    (lowercase, uppercase, digits, and punctuation) must be less than or equal to the Minimum
    Length value.

max-retry
    Specifies the number of failed password logins permitted before a user is locked out. The
    lockout threshold can range from 0 through 16. The default value is 0.

    When a password fails more than one of the strength attributes, an error is reported for
    only one of the attributes at a time.
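
The following added example (not from the Brocade guide) applies the rules in the password policy parameters table to a candidate password before it is sent to the switch. It reports every failed attribute at once and flags the exclamation-point truncation. The `Policy` field names and function names are illustrative, treating the first "!" as the truncation point is an assumption, and the backslash and question-mark quoting rule is not modeled.

```python
import string
from dataclasses import dataclass

# special-char rule: printable non-alphanumeric punctuation, colon excluded
ALLOWED_SPECIAL = set(string.punctuation) - {":"}
MAX_PASSWORD_LEN = 40  # from the NOTE on this page

@dataclass
class Policy:
    # Field names are illustrative; 0 means "no restriction", as in the table.
    lower: int = 0
    upper: int = 0
    numeric: int = 0
    special_char: int = 0
    min_length: int = 8

    def errors(self):
        """Consistency problems in the policy itself."""
        total = self.lower + self.upper + self.numeric + self.special_char
        checks = [(8 <= self.min_length <= 32, "min-length must be from 8 through 32"),
                  (total <= self.min_length, "character restrictions exceed min-length")]
        return [msg for ok, msg in checks if not ok]

def effective_password(pw):
    """Characters after an exclamation point are dropped (first '!' assumed)."""
    head, bang, _ = pw.partition("!")
    return head + bang

def check_password(pw, policy):
    """Findings for pw, evaluated on the form that would actually be kept."""
    kept = effective_password(pw)
    findings = []
    if kept != pw:
        findings.append(f"truncated after '!': {len(pw)} -> {len(kept)} characters")
    if ":" in kept:
        findings.append("contains a colon, which is not allowed")
    if len(kept) > MAX_PASSWORD_LEN:
        findings.append("longer than 40 characters")
    if len(kept) < policy.min_length:
        findings.append(f"shorter than min-length {policy.min_length}")
    for name, alphabet, minimum in (("lower", string.ascii_lowercase, policy.lower),
                                    ("upper", string.ascii_uppercase, policy.upper),
                                    ("numeric", string.digits, policy.numeric),
                                    ("special-char", ALLOWED_SPECIAL, policy.special_char)):
        have = sum(c in alphabet for c in kept)
        if have < minimum:
            findings.append(f"{name}: {have} present, {minimum} required")
    return findings
```

Run `Policy.errors()` before pushing a policy and `check_password()` before setting an account password; an empty list means no finding.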