Modifying a Password Policy


This section describes how to set password and user login security rules as well as user lock rules. Password policies set on MRS Manager take effect for Human-machine users only, because the passwords of Machine-machine users are randomly generated.

Password policies directly affect user management security. Modify them only in line with your service security requirements; an unsuitable policy can introduce security risks.


  1. On MRS Manager, click System.
  2. Click Configure Password Policy.
  3. Modify password policies as prompted. For parameter details, see Table 1.

    Table 1 Password policy parameter description



    Minimum Password Length

    Indicates the minimum number of characters a password contains. The value ranges from 6 to 32. The default value is 6.

    Number of Character Types

    Indicates the minimum number of character types a password contains. The character types are uppercase letters, lowercase letters, digits, spaces, and special characters (~`!?,.:;-_'(){}[]/<>@#$%^&*+|\=). The value can be 4 or 5. The default value is 2, which means that a password must contain at least two types of the following characters: uppercase letters, lowercase letters, digits, special characters, and spaces.

    Password Validity Period (days)

    Indicates the validity period (days) of a password. The value ranges from 0 to 90. 0 means that the password is permanently valid. The default value is 90.

    Password Expiration Notification Days

    Specifies how many days in advance users are notified that a password is about to expire. Once the value is set, a user receives password expiration notifications when the difference between the cluster time and the password expiration time is smaller than this value. When logging in to MRS Manager, the user is told that the password is about to expire and is prompted to change it. The value ranges from 0 to X, where X is half of the password validity period, rounded down. 0 indicates that no notification is sent. The default value is 5.

    Interval of Resetting Authentication Failure Count (min)

    Indicates how long (in minutes) incorrect password attempts are retained before the failure count is reset. The value ranges from 0 to 1440. 0 indicates that incorrect password attempts are permanently retained and 1440 indicates that incorrect password attempts are retained for one day. The default value is 5.

    Number of Password Retries

    Indicates the number of consecutive wrong passwords allowed before the system locks the user. The value ranges from 3 to 30. The default value is 5.

    Account Lock Duration (min)

    Indicates the time period during which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. The default value is 5.
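
The following added example (not part of MRS or its documentation) checks a proposed policy against the ranges in Table 1 before it is entered in MRS Manager, including the dependent upper bound on Password Expiration Notification Days, and checks a candidate password against the length and character-type rules. The dictionary keys and function names are hypothetical, and the Number of Character Types value is used as given, without a range check.

```python
import string

# Ranges from Table 1 as (min, max). The dictionary keys are hypothetical
# names chosen for this example; MRS Manager shows these as UI fields.
RANGES = {
    "min_password_length": (6, 32),
    "validity_days": (0, 90),
    "failure_reset_interval_min": (0, 1440),
    "password_retries": (3, 30),
    "lock_duration_min": (5, 120),
}
# Defaults listed in Table 1.
DEFAULTS = {"min_password_length": 6, "character_types": 2, "validity_days": 90,
            "expiry_notification_days": 5, "failure_reset_interval_min": 5,
            "password_retries": 5, "lock_duration_min": 5}
SPECIALS = set("~`!?,.:;-_'(){}[]/<>@#$%^&*+|\\=")  # special characters listed in Table 1


def check_policy(policy):
    """Return the Table 1 constraints a proposed policy violates (empty = none)."""
    problems = []
    for key, (low, high) in RANGES.items():
        if not low <= policy[key] <= high:
            problems.append(f"{key}={policy[key]} is outside {low}-{high}")
    # Upper bound X for notification days: half the validity period, rounded down.
    limit = policy["validity_days"] // 2
    if not 0 <= policy["expiry_notification_days"] <= limit:
        problems.append(f"expiry_notification_days must be 0-{limit}")
    return problems


def character_types(password):
    """Count how many of the five character types from Table 1 appear."""
    tests = (
        lambda c: c in string.ascii_uppercase,
        lambda c: c in string.ascii_lowercase,
        lambda c: c in string.digits,
        lambda c: c == " ",
        lambda c: c in SPECIALS,
    )
    return sum(any(test(c) for c in password) for test in tests)


def check_password(password, policy):
    """Return the reasons a candidate password fails the length and type rules."""
    problems = []
    if len(password) < policy["min_password_length"]:
        problems.append("too short")
    if character_types(password) < policy["character_types"]:
        problems.append("too few character types")
    return problems
```

Setting the validity period to 0 (permanently valid) while leaving the notification days at the default of 5 is reported as a violation, because the upper bound X becomes 0.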