Password encryption policy – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual

53-1003231-02

Password policies

NOTE

Passwords can be a maximum of 40 characters in length.

Password encryption policy

Network OS supports encrypting the passwords of all existing user accounts by enabling password
encryption at the switch level. By default, the encryption service is disabled and passwords are
stored in clear-text.

When you enable password encryption, all existing clear-text passwords will be encrypted, and any
passwords that are added subsequently in clear-text will be stored in encrypted format.

In the following example, the testuser account password is created in clear-text after password
encryption has been enabled. The global encryption policy overrides the account-level encryption
settings. The password is stored as encrypted.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the empty element to enforce password encryption.

TABLE 8 Password policy parameters (Continued)

Parameter / Description

character-restriction numeric

Specifies the minimum number of numeric characters that must occur in the password. The
maximum value must be less than or equal to the Minimum Length value. The default value
is zero, which means there is no restriction of numeric characters.

character-restriction special-char

Specifies the minimum number of punctuation characters that must occur in the password.
All printable, non-alphanumeric punctuation characters except the colon (:) are allowed.
The value must be less than or equal to the Minimum Length value. The default value is
zero, which means there is no restriction of punctuation characters.
Characters added after an exclamation point are dropped. For example, if you use the
password “first!second”, the password will become “first!”.
Special characters, such as backslash (\) and question mark (?), are not counted as
characters in a password unless the password is specified within quotes.

min-length

Specifies the minimum length of the password. Passwords must be from 8 through 32
characters in length. The default value is 8. The total of the previous four parameters
(lowercase, uppercase, digits, and punctuation) must be less than or equal to the Minimum
Length value.

max-retry

Specifies the number of failed password logins permitted before a user is locked out. The
lockout threshold can range from 0 through 16. The default value is 0. When a password
fails more than one of the strength attributes, an error is reported for only one of the
attributes at a time.
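
The following pre-check is an added example, not code from the Brocade guide. It applies the Table 8 constraints and the 40-character limit to a proposed policy and password before they are sent to the switch, and it reports every failure at once rather than one attribute at a time. Assumptions: the function and argument names are hypothetical (upper and lower stand for the uppercase and lowercase restrictions the table refers to), truncation is taken to happen at the first exclamation point, and a colon is treated as a rejection.

```python
import string

# Punctuation accepted as "special" per the table: all of it except the colon.
ALLOWED_SPECIAL = set(string.punctuation) - {":"}
MAX_PASSWORD_LEN = 40  # from the NOTE on this page


def check_policy(min_length=8, upper=0, lower=0, numeric=0, special_char=0,
                 max_retry=0):
    """Return every range or consistency problem in a proposed policy."""
    errors = []
    if not 8 <= min_length <= 32:
        errors.append("min-length must be from 8 through 32")
    if not 0 <= max_retry <= 16:
        errors.append("max-retry must be from 0 through 16")
    if upper + lower + numeric + special_char > min_length:
        errors.append("character restrictions total more than min-length")
    return errors


def effective_password(candidate):
    """Model the documented truncation (assumed to apply at the first '!')."""
    head, bang, _ = candidate.partition("!")
    return head + bang


def check_password(candidate, min_length=8, numeric=0, special_char=0):
    """Check the password as it would be stored, not as it was typed."""
    stored = effective_password(candidate)
    errors = []
    if stored != candidate:
        errors.append("truncated after '!'")
    if ":" in stored:  # assumption: treated as a rejection
        errors.append("colon is not allowed")
    if len(stored) > MAX_PASSWORD_LEN:
        errors.append("longer than 40 characters")
    if len(stored) < min_length:
        errors.append("shorter than min-length")
    if sum(c in string.digits for c in stored) < numeric:
        errors.append("too few numeric characters")
    if sum(c in ALLOWED_SPECIAL for c in stored) < special_char:
        errors.append("too few special characters")
    return stored, errors


if __name__ == "__main__":
    # Constructed sample passwords, not taken from any real account.
    for pw in ("first!second", "admin:pass99", "Switch#2024ok"):
        print(repr(pw), check_password(pw, numeric=2, special_char=1))
```

The truncation case is the one to watch: a password that looks long and complex when typed can be stored as a much shorter string, so the check runs against the stored form.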