Login lockout – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

Enabling strict password enforcement

Syntax: [no] enable strict-password-enforcement expiration early-warning-period days

The days variable specifies how many days before a user's password expires the expiration
notification is printed at user login. The default is 10 days, the minimum is 1
day, and the maximum is 365 days.

Once the early warning period is set, when the user successfully logs in within the early warning
period time frame, the following message is displayed: “password will expire in x day(s)”, where x is
the number of days remaining before the password expires.

Once the password has expired, the user is permitted a configurable number of subsequent login
attempts. There is no limit on the time period before a new password is required. The only limit is the
number of subsequent login attempts allowed for that user.

To configure the maximum grace login attempts allowed for a user once the user’s password has
expired, enter the following:

Brocade(config)# enable strict-password-enforcement expiration grace-login-attempts 2

Syntax: [no] enable strict-password-enforcement expiration grace-login-attempts times

The times variable specifies the maximum number of times a user can log in after password
expiration. The default is 3 times, the maximum is 3 times, and the minimum is 0 times.

The show users command can be used to display the expiration date or remaining grace logins, as
shown in the Expire Time/Grace Logins column in the following:

Brocade(config)#show users
Username  Password                            Encrypt  Priv  Status   Expire Time/Grace Logins
=================================================================================
user1     $1$E81..sj4$Kv25UrYDLYHaSv.SQY8fB.  enabled  0     enabled  90 days
user2     $1$Tm3..r91$O7l5L98/V7ivvRxgJKPNU0  enabled  0     enabled  90 days
user3     $1$Qn/..9n2$3lAwyrYolr2Pe.5x5wdYw.  enabled  0     expired  1 grace
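
The following Python script is an added example, not part of the Brocade guide: it parses show users output in the column layout shown above and flags accounts that have expired and are on grace logins, or that fall within the early-warning period. The function names and the one-row-per-line layout are assumptions; the sample rows are the ones on this page, re-joined.

```python
import re

# Constructed sample: the `show users` rows from this page, one row per line.
SAMPLE = """\
Brocade(config)#show users
Username Password Encrypt Priv Status Expire Time/Grace Logins
=================================================================================
user1 $1$E81..sj4$Kv25UrYDLYHaSv.SQY8fB. enabled 0 enabled 90 days
user2 $1$Tm3..r91$O7l5L98/V7ivvRxgJKPNU0 enabled 0 enabled 90 days
user3 $1$Qn/..9n2$3lAwyrYolr2Pe.5x5wdYw. enabled 0 expired 1 grace
"""

# Username, password hash, Encrypt, Priv, Status, then "<n> days" or "<n> grace".
ROW = re.compile(
    r"^(?P<user>\S+)\s+\S+\s+(?P<encrypt>\S+)\s+(?P<priv>\d+)\s+"
    r"(?P<status>\S+)\s+(?P<count>\d+)\s+(?P<unit>days?|grace)\s*$"
)

def parse_show_users(text):
    """Return one dict per user row. Prompt, header and rule lines do not
    match ROW and are skipped. The password hash is deliberately not kept."""
    users = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            users.append({"user": m["user"], "priv": int(m["priv"]),
                          "status": m["status"], "count": int(m["count"]),
                          "unit": m["unit"]})
    return users

def audit(users, warning_days=10):
    """Flag accounts needing attention. warning_days mirrors the
    early-warning-period value (the guide's default is 10 days)."""
    findings = []
    for u in users:
        if u["unit"] == "grace":
            # Password already expired: count is the remaining grace logins.
            findings.append((u["user"], "expired", u["count"]))
        elif u["count"] <= warning_days:
            # Password still valid but inside the early-warning window.
            findings.append((u["user"], "expiring-soon", u["count"]))
    return findings

if __name__ == "__main__":
    for name, level, n in audit(parse_show_users(SAMPLE)):
        print(f"{name}: {level} ({n})")
```
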

Login lockout

If the enable strict-password-enforcement command is enabled, users have up to three login
attempts. If a user fails to log in after the third attempt, that user is locked out (disabled).

To re-enable a user that has been locked out, perform one of the following tasks:

Reboot the device to re-enable all disabled users.

Enable the user by entering the following command.

Brocade(config)# username sandy enable

Syntax: [no] username name enable

The name variable specifies the username to be enabled.