Dell SMA 200 Administration Manual page 173

the expiration interval in the Passwords expire in x days field. To force users to change their password
the next time they log in, check Require password change on next logon.
NOTE: A specific local domain user can be forced to change their password. Use the
General tab on the Users > Local Users > Edit page.
If the domain is set with concrete password expiration days, you should also set the user expiration to 0.
That means using the domain expiration setting. The domain setting detection is automatic after
submitting the "adding user" request. Also, you can manually change it on creation.
The default password expiration value is two years (730 days).
On upgrade, the existing values for password expiration should remain as they are.
A notice was added in the Admin status page to recommend setting the expiration from all local
database domains. The notice has a list of domains (top 5) that need that setting. If you set the default
password expiration for all the domains, then the message is dismissed.
6 If you set a password expiration interval, type the number of days before expiration that users should
receive notifications in the Show warning x days before password expiration field.
When configured and a password is expiring, a notification is displayed on the user's Virtual Office page
or the Administrator's management console identifying the number of days before their password
expires. Notifications also include a link to a screen where the password can be changed.
7 Optionally add the number of unique new passwords that is associated with a user account before an old
password can be re-used for the account in the Enforce password history, x passwords remembered
field. The value specified must be between 0 and 10 passwords.
8 Optionally Enforce password minimum length by entering a value between 1 and 14 characters. This is
the minimum amount of characters accepted for a user password.
9 Optionally select Enforce password complexity. When this option is enforced, at least three of the
four following parameters must be met when setting a password:
• English uppercase characters (A through Z)
• English lowercase characters (a through z)
• Base 10 digits (0 through 9)
• Non-alphabetic characters (for example, !, $, #, %)
10 Optionally select Allow password changes. This allows users to change their own passwords after their
account is set up.
11 Optionally select Enable client certificate enforcement to require the use of client certificates for
login. By checking this box, you require the client to present a client certificate for strong mutual
authentication. Two additional fields appear:
• Verify user name matches Common Name (CN) of client certificate - Select this check box to
require that the user's account name match their client certificate.
• Verify partial DN in subject - Use the following variables to configure a partial DN that matches
the client certificate:
• User name: %USERNAME%
• Domain name: %USERDOMAIN%
• Active Directory user name: %ADUSERNAME%
• Wildcard: %WILDCARD%
Dell SonicWALL Secure Mobile Access 8.5
Administration Guide
173