Add_workflow_for_techpubs | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Panel | ||||
---|---|---|---|---|
In this section:
|
Use this object to manage account and password-related configurations. For password rules configuration, refer to Password Rules - CLI.
To minimize the possibility of an unauthorized user compromising inactive OS user accounts (root/linuxadmin/sftpadmin/rss), configure this parameter to specify the number of days of OS account inactivity (OSAccountAgingPeriod
) before the account is automatically disabled.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement OSAccountAging OSAccountAgingPeriod <7-712 days> state <disabled | enabled> |
Caption | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement accountAging accountAgingPeriod <30-180 days> state <disabled | enabled> |
Caption | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Use this parameter to configure the account removal period.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement accountRemoval accountRemovalPeriod <60-360 days> state <disabled | enabled> |
Caption | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
Configuration for defense against brute force OAM password guessing attempts.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement bruteForceAttack allowAutoUnlock <disabled | enabled> consecutiveFailedAttemptAllowed <1-10> state <disabled | enabled> unlockTime <30-3600 seconds> |
Caption | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||||||
|
Use this configuration to defend against brute force attacks to Linux OS.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement bruteForceAttackOS OSstate <disabled | enabled> allowOSAutoUnlock <disabled | enabled> consecutiveFailedOSAttemptAllowed <1-10> unlockOSTime <30-5400 seconds> |
Caption | |||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| |||||||||||||||
|
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement maxSessions <1-5> |
Caption | ||||||
---|---|---|---|---|---|---|
| ||||||
|
Password expiration related configuration.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement passwordAging OSstate <disabled | enabled> passwordAgingPeriod <30<1-180>365 days> passwordExpiryWarningPeriod <3-14 days> passwordMinimumAge <><1-365 days> state <disabled | enabled> |
Caption | ||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||||||
|
Session idle timeout related configuration.
Code Block | ||
---|---|---|
| ||
% set system admin <SYSTEM NAME> accountManagement sessionIdleTimeout idleTimeout <1-120> state <disabled | enabled> |
Caption | |||||||||
---|---|---|---|---|---|---|---|---|---|
| |||||||||
|
The following example uses the Account Management feature to accomplish the following actions:
Spacevars | ||
---|---|---|
|
Code Block | ||
---|---|---|
| ||
% set system admin MYSBC accountManagement bruteForceAttack state enabled allowAutoUnlock enabled consecutiveFailedAttemptAllowed 3 unlockTime 300 % show system admin MYSBC accountManagement bruteForceAttack state enabled; consecutiveFailedAttemptAllowed 3; allowAutoUnlock enabled; unlockTime 300; |
Pagebreak |
---|