Use this object to manage account and password-related configurations. For password rules configuration, refer to Password Rules - CLI.
OS Account Aging
To minimize the possibility of an unauthorized user compromising an inactive OS user account, configure this parameter to specify the number of days of OS account inactivity (OSAccountAgingPeriod) before the account is automatically disabled.
Note: These users are exempted from OS account aging: root, linuxadmin, cnxipmadmin and postgres.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement OSAccountAging OSAccountAgingPeriod <7-712 days> state <disabled | enabled>
Account Aging
Command Syntax
% set system admin <SYSTEM NAME> accountManagement accountAging accountAgingPeriod <30-180 days> state <disabled | enabled>
Account Removal
Use this parameter to configure the account removal period.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement accountRemoval accountRemovalPeriod <60-360 days> state <disabled | enabled>
Brute Force Attack
Configuration for defense against brute force OAM password guessing attempts.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement bruteForceAttack allowAutoUnlock <disabled | enabled> consecutiveFailedAttemptAllowed <1-10> state <disabled | enabled> unlockTime <30-3600 seconds>
Brute Force Attack OS
Use this configuration to defend against brute force attacks on the Linux OS.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement bruteForceAttackOS OSstate <disabled | enabled> allowOSAutoUnlock <disabled | enabled> consecutiveFailedOSAttemptAllowed <1-10> unlockOSTime <30-5400 seconds>
Max Sessions
Command Syntax
% set system admin <SYSTEM NAME> accountManagement maxSessions <1-5>
Password Aging
Password expiration related configuration.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement passwordAging OSstate <disabled | enabled> passwordAgingPeriod <1-365 days> passwordExpiryWarningPeriod <3-14 days> passwordMinimumAge <1-365 days> state <disabled | enabled>
Session Idle Timeout
Session idle timeout related configuration.
Command Syntax
% set system admin <SYSTEM NAME> accountManagement sessionIdleTimeout idleTimeout <1-120> state <disabled | enabled>
SFTP Admin (Removed)
The SFTP Admin (sftpadmin) account was removed in release 7.1 for user account security purposes.
Related EMA Note
If only keys (no password) are injected for the admin CLI user, then
Related EMSRAMP Note
As sftpadmin is removed, the EMS With the removal of
Command Example
The following example uses the Account Management feature to accomplish the following actions:
- Allows a locked account to unlock after five minutes
- Enables defense against brute force attacks
- Sets the number of consecutive failed attempts to "3"
% set system admin MYSBC accountManagement bruteForceAttack state enabled allowAutoUnlock enabled consecutiveFailedAttemptAllowed 3 unlockTime 300
% show system admin MYSBC accountManagement bruteForceAttack
state enabled;
consecutiveFailedAttemptAllowed 3;
allowAutoUnlock enabled;
unlockTime 300;
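A pre-flight check for commands like the one above, added here as an example and not part of the product or its documentation: it parses a `set system admin <name> accountManagement` command and checks every keyword and value against the ranges given in the Command Syntax sections of this page. The names `SPEC`, `ONOFF` and `validate` are hypothetical, and the check assumes keywords may appear in any order, as they do in the example above.

```python
# Added example: validate "set ... accountManagement" commands against the
# value ranges documented on this page. SPEC, ONOFF and validate() are
# hypothetical names, not part of the product CLI.
ONOFF = {"disabled", "enabled"}

# object -> {keyword: (min, max) for integers, or a set of allowed words}
SPEC = {
    "OSAccountAging": {"OSAccountAgingPeriod": (7, 712), "state": ONOFF},
    "accountAging": {"accountAgingPeriod": (30, 180), "state": ONOFF},
    "accountRemoval": {"accountRemovalPeriod": (60, 360), "state": ONOFF},
    "bruteForceAttack": {"allowAutoUnlock": ONOFF, "state": ONOFF,
                         "consecutiveFailedAttemptAllowed": (1, 10),
                         "unlockTime": (30, 3600)},
    "bruteForceAttackOS": {"OSstate": ONOFF, "allowOSAutoUnlock": ONOFF,
                           "consecutiveFailedOSAttemptAllowed": (1, 10),
                           "unlockOSTime": (30, 5400)},
    "passwordAging": {"OSstate": ONOFF, "state": ONOFF,
                      "passwordAgingPeriod": (1, 365),
                      "passwordExpiryWarningPeriod": (3, 14),
                      "passwordMinimumAge": (1, 365)},
    "sessionIdleTimeout": {"idleTimeout": (1, 120), "state": ONOFF},
}


def validate(command):
    """Return a list of problems found in one set command (empty list = OK)."""
    tokens = command.lstrip("% ").split()
    if tokens[:3] != ["set", "system", "admin"] or len(tokens) < 6 \
            or tokens[4] != "accountManagement":
        return ["not a 'set system admin <name> accountManagement' command"]
    obj, args = tokens[5], tokens[6:]
    if obj == "maxSessions":  # takes a bare value instead of keyword/value pairs
        ok = len(args) == 1 and args[0].isdigit() and 1 <= int(args[0]) <= 5
        return [] if ok else ["maxSessions: expected one integer in 1-5"]
    if obj not in SPEC:
        return [f"unknown object '{obj}'"]
    if len(args) % 2:
        return [f"{obj}: keyword '{args[-1]}' has no value"]
    problems = []
    for key, value in zip(args[0::2], args[1::2]):
        rule = SPEC[obj].get(key)
        if rule is None:
            problems.append(f"{obj}: unknown keyword '{key}'")
        elif isinstance(rule, set):
            if value not in rule:
                problems.append(f"{obj}: {key} must be disabled or enabled")
        elif not value.isdigit() or not rule[0] <= int(value) <= rule[1]:
            problems.append(f"{obj}: {key}={value} outside {rule[0]}-{rule[1]}")
    return problems
```

Running `validate()` over a change script before it is pasted into the CLI catches out-of-range lockout and aging values in review rather than on the device.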