Password strength policy – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

All password policies are enforced during logins to the standby CP. However, you may observe that the
password enforcement behavior on the standby CP is inconsistent with prior login activity; this is
because password state information from the active CP is automatically synchronized with the standby
CP, thereby overwriting any password state information that was previously stored there. Also,
password changes are not permitted on the standby CP.

Password authentication policies configured using the passwdCfg command are not enforced during
initial prompts to change default passwords.

Password strength policy

The password strength policy is enforced across all user accounts, and enforces a set of format rules to
which new passwords must adhere. The password strength policy is enforced only when a new
password is defined. The total of the other password strength policy parameters (lowercase, uppercase,
digits, and punctuation) must be less than or equal to the value of the MinLength parameter.

Use the following attributes to the passwdCfg command to set the password strength policy:

• Lowercase

Specifies the minimum number of lowercase alphabetic characters that must appear in the password.
The default value is zero. The maximum value must be less than or equal to the MinLength value.

• Uppercase

Specifies the minimum number of uppercase alphabetic characters that must appear in the
password. The default value is zero. The maximum value must be less than or equal to the
MinLength value.

• Digits

Specifies the minimum number of numeric digits that must appear in the password. The default value
is zero. The maximum value must be less than or equal to the MinLength value.

• Punctuation

Specifies the minimum number of punctuation characters that must appear in the password. All
printable, non-alphanumeric punctuation characters except the colon ( : ) are allowed. The default
value is zero. The maximum value must be less than or equal to the MinLength value.

• MinLength

Specifies the minimum length of the password. The minimum can be from 8 through 40 characters.
New passwords must be between the minimum length specified and 40 characters. The default value
is 8. The maximum value must be greater than or equal to the MinLength value.

• Repeat

Specifies the length of repeated character sequences that will be disallowed. For example, if the
"repeat" value is set to 3, a password "passAAAword" is disallowed because it contains the repeated
sequence "AAA". A password of "passAAword" would be allowed because no repeated character
sequence exceeds two characters. The range of allowed values is from 1 through 40. The default
value is 1.

• Sequence

Specifies the length of sequential character sequences that will be disallowed. A sequential character
sequence is defined as a character sequence in which the ASCII value of each contiguous character
differs by one. The ASCII value for the characters in the sequence must all be increasing or
decreasing. For example, if the "sequence" value is set to 3, a password "passABCword" is
disallowed because it contains the sequence "ABC". A password of "passABword" would be allowed
because it contains no sequential character sequence exceeding two characters. The range of

Password strength policy

Fabric OS Administrators Guide

141

53-1003130-01