Protection Of The Local User Database From Distributions; Accepting Distribution Of User Databases On The Local Switch; Rejecting Distributed User Databases On The Local Switch; Password Policies - HP A7533A - Brocade 4Gb SAN Switch Base Administrator's Manual
Hp storageworks fabric os 6.2 administrator guide (5697-0016, may 2009)
Hide thumbs
Also See for A7533A - Brocade 4Gb SAN Switch Base:
- Administrator's manual (518 pages) ,
- Hardware reference manual (256 pages) ,
- User manual (248 pages)
Table of Contents
Advertisement
NOTE:
If Virtual Fabrics mode is enabled, distributing the password database to switches is not
supported. If the distribution command is entered from a pre-Fabric OS 6.2.0, switches running
Fabric OS 6.2.0 will reject it.
Protection of the local user database from distributions
Fabric OS 5.2.0 and later allows you to distribute the user database and passwords to other switches in
the fabric. When the switch accepts a distributed user database, it replaces the local user database with
the user database it receives.
By default, switches accept the user databases and passwords distributed from other switches. This section
explains how to protect the local user database from being overwritten.
Accepting distribution of user databases on the local switch
1.
Connect to the switch and log in using an account assigned to the admin role.
2.
Enter the following command:
fddCfg --localaccept PWD
where PWD is the user database policy.
Rejecting distributed user databases on the local switch
1.
Connect to the switch and log in using an account assigned to the admin role.
2.
Enter the following command:
fddCfg --localreject PWD
Password policies
The password policies described in this section apply to the local switch user database only. Configured
password policies (and all user account attribute and password state information) are synchronized across
CPs and remain unchanged after an HA failover. Password policies can also be manually distributed
across the fabric (see
configurable password policies:
•
Password strength
•
Password history
•
Password expiration
•
Account lockout
All password policies are enforced during logins to the standby CP. However, you may observe that the
password enforcement behavior on the standby CP is inconsistent with prior login activity because
password state information from the active CP is automatically synchronized with the standby CP, thereby
overwriting any password state information that was previously stored there. Also, password changes are
not permitted on the standby CP.
Password authentication policies configured using the passwdCfg command are not enforced during
initial prompts to change default passwords.
Password strength policy
The password strength policy is enforced across all user accounts, and is applicable to a set of format rules
to which new passwords must adhere. The password strength policy is enforced only when a new
password is defined. The total of the other password strength policy parameters (lowercase, uppercase,
digits, and punctuation) must be less than or equal to the value of the MinLength parameter.
Use the following attributes to set the password strength policy:
•
Lowercase
Specifies the minimum number of lowercase alphabetic characters that must appear in the password.
The default value is zero. The maximum value must be less than or equal to the MinLength value.
"Local account database
distribution" on page 74). The following is a list of the
Fabric OS 6.2 administrator guide
75
Hide quick links:
Advertisement
Table of Contents
