Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Page 676

background image

646

Fabric OS Command Reference

53-1003131-01

passwdCfg

2

-minpasswordage value

Specifies the minimum number of days that must elapse before a password can
be changed. -minpasswordage can be set at 0 to 999. The default value is 0.
Setting this parameter to a nonzero value discourages a user from rapidly
changing a password in order to defeat the password history setting to reuse a
recently used password. The minpasswordage policy is not enforced when an
administrator changes the password for another user.

-maxpasswordage value

Specifies the maximum number of days that can elapse before a password must
be changed. This is the password expiration period. -maxpasswordage can be
set at 0 to 999. Setting this parameter to 0 disables password expiration. The
default value is 0. When -maxpasswordage is set to a nonzero value,
-minpasswordage must be set to a value less than or equal to
-maxpasswordage.

-warning value

Specifies the number of days prior to password expiration that a warning of
password expiration is displayed. The valid range for -warning is 0 to 999. The
default value to 0.

-lockoutthreshold value

Specifies the number of times a user can specify an incorrect password during
login before the account is locked. The number of failed login attempts is counted
from the last successful login. Values for -lockoutthreshold range from 0 to 999.
Setting this parameter to 0 disables the lockout mechanism. The default value is
0.

-lockoutduration value

Specifies the time, in minutes, after which a previously locked account
automatically unlocks. lockoutduration values range from 0 to 99999. The
default value is 30. Setting this parameter to 0 disables lockout duration, requiring
an administrative action to unlock the account. The lockout duration begins with
the first login attempt after the lockout threshold has been reached. Subsequent
failed login attempts do not extend the lockout period.

-repeat value

Specifies the length of repeated character sequences that will be disallowed. For
example, if the "repeat" value is set to 3, a password "passAAAword" is disallowed
because it contains the repeated sequence "AAA". A password of "passAAword"
would be allowed because no repeated character sequence exceeds two
characters. The range of allowed values is 1 to 40.

-sequence value

Specifies the length of sequential character sequences that will be disallowed. In a
character sequence, the ASCII value of each contiguous character differs by one.
The ASCII value for the characters in the sequence must all be increasing or
decreasing. For example, if the "sequence" value is set to 3, a password
"passABCword" is disallowed because it contains the sequence "ABC". A
password of "passABword" would be allowed because no repeated character
sequence exceeds two characters. The range of allowed values is 1 to 40. The
default value is 1.

-reverse [1|0]

Activates (1) or deactivates (0) the validation check to determine whether the
password is an exact reverse string of the username.

--setuser username

Configures the password policy for a specific user.