Modifying a Password Policy

Scenario

Important

Because password policies are critical to user management security, modify them based on service security requirements. Otherwise, security risks may arise.

This section describes how to set password and user login security rules as well as user lock rules. Password policies set on MRS Manager take effect for Human-machine users only, because the passwords of Machine-machine users are randomly generated. This operation is supported only in clusters with Kerberos authentication enabled or common clusters with the EIP function enabled.

To apply a new password policy to a new user's password or to a password changed by a user, first perform the following operations to modify the password policy, and then follow the instructions in Creating a User or Changing the Password of an Operation User.

Note

The operations described in this section apply only to clusters of versions earlier than MRS 3.x.

For clusters of MRS 3.x or later, see Configuring Password Policies.

Procedure

  1. Access MRS Manager. For details, see Accessing MRS Manager (MRS 2.1.0 or Earlier).

  2. On MRS Manager, click System.

  3. Click Configure Password Policy.

  4. Modify password policies as prompted. For parameter details, see Table 1.

    Table 1 Password policy parameter description

    Parameter

    Description

    Minimum Password Length

    Indicates the minimum number of characters a password contains. The value ranges from 8 to 32. The default value is 8.

    Number of Character Types

    Indicates the minimum number of character types a password contains. The character types include uppercase letters, lowercase letters, digits, spaces, and special characters (~!?,.:;-_'(){}[]/<>@#$%^&*+|\=`). The value can be 3 or 4. The default value 3 indicates that the password must contain at least three types of the following characters: uppercase letters, lowercase letters, digits, special characters, and spaces.

    Password Validity Period (days)

    Indicates the validity period (days) of a password. The value ranges from 0 to 90. Value 0 means that the password is permanently valid. The default value is 90.

    Password Expiration Notification Days

    Indicates how many days in advance users are notified of password expiration. After the value is set, if the difference between the cluster time and the password expiration time is smaller than this value, the user receives password expiration notifications. When a user logs in to MRS Manager, a message is displayed, indicating that the password is about to expire and asking the user whether to change the password. The value ranges from 0 to X, where X is half of the password validity period, rounded down. Value 0 indicates that no notification is sent. The default value is 5.

    Interval of Resetting Authentication Failure Count (min)

    Indicates the interval (minutes) for which incorrect password attempts are retained. The value ranges from 0 to 1440. Value 0 indicates that the number of incorrect password attempts is permanently retained and value 1440 indicates that the number of incorrect password attempts is retained for one day. The default value is 5.

    Number of Password Retries

    Indicates the number of consecutive wrong passwords allowed before the system locks the user. The value ranges from 3 to 30. The default value is 5.

    Account Lock Duration (min)

    Indicates the time period for which a user is locked when the user lockout conditions are met. The value ranges from 5 to 120. The default value is 5.
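
The following added example (not part of the original page and not MRS Manager code) checks a proposed policy against the ranges in Table 1, including the cross-field limit on the notification days, and tests a candidate password against the length and character-type rules. The dictionary keys and function names are hypothetical, and letters and digits are assumed to be ASCII.

```python
import string

# Values from Table 1. Key and function names are hypothetical (not MRS
# Manager identifiers); letters and digits are assumed to be ASCII.
SPECIALS = set("~!?,.:;-_'(){}[]/<>@#$%^&*+|\\=`")
CLASSES = (set(string.ascii_uppercase), set(string.ascii_lowercase),
           set(string.digits), {" "}, SPECIALS)

RANGES = {  # parameter: (minimum, maximum)
    "min_length": (8, 32),
    "char_types": (3, 4),
    "validity_days": (0, 90),
    "reset_interval_min": (0, 1440),
    "retries": (3, 30),
    "lock_duration_min": (5, 120),
}
DEFAULTS = {"min_length": 8, "char_types": 3, "validity_days": 90,
            "notify_days": 5, "reset_interval_min": 5, "retries": 5,
            "lock_duration_min": 5}


def policy_errors(policy):
    """Return the range violations in a proposed policy (empty if valid)."""
    errors = [f"{key}={policy[key]} outside {lo}..{hi}"
              for key, (lo, hi) in RANGES.items()
              if not lo <= policy[key] <= hi]
    # Cross-field rule: the notification lead time may be at most half the
    # validity period, rounded down, so a validity of 0 only permits 0.
    limit = policy["validity_days"] // 2
    if not 0 <= policy["notify_days"] <= limit:
        errors.append(f"notify_days={policy['notify_days']} outside 0..{limit}")
    return errors


def char_type_count(password):
    """Count how many of the five documented character types are present."""
    chars = set(password)
    return sum(1 for cls in CLASSES if cls & chars)


def password_ok(password, policy):
    """Check a candidate password against length and character-type rules."""
    return (len(password) >= policy["min_length"]
            and char_type_count(password) >= policy["char_types"])


if __name__ == "__main__":
    draft = dict(DEFAULTS, validity_days=30, notify_days=20)  # constructed
    print(policy_errors(draft))
    print(password_ok("Summer2024", DEFAULTS), password_ok("summer2024", DEFAULTS))
```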