Brocade Fabric OS Command Reference (Supporting Fabric OS v7.3.0) User Manual

Fabric OS Command Reference

645

53-1003131-01

passwdCfg

2

The account lockout policy disables a user account when the user exceeds a configurable number of
failed login attempts. The mechanism can be configured to keep the account locked until explicit
administrative action is taken to unlock the account or locked accounts can be automatically unlocked
after a specified period. An administrator can unlock a locked account at any time. Note that the account
locked state is distinct from the account disabled state. The account lockout policy is enforced across all
user accounts except the root, factory, and SecurityAdmin role accounts. A separate configuration option,
available to the SecurityAdmin and Admin role accounts, may be used to enable and disable applications
of the account lockout policy to Admin role accounts.

A failed login attempt counter is maintained for each user on each switch instance. The counters for all
user accounts are reset to zero when the account lockout policy is enabled. The counter for an individual
account is reset to zero when the account is unlocked after the lock-out duration period expires.

NOTES

The execution of this command is subject to Virtual Fabric or Admin Domain restrictions that may be in
place. Refer to Chapter 1, "Using Fabric OS Commands" and Appendix A, "Command Availability" for
details.

OPERANDS

This command takes as input an operand and its associated arguments. When invoked without
operands, the command prints the usage.

--showall

Displays the password configuration parameters.

--showuser username

Displays the password configuration parameters for a specific user.

--setdefault

Resets all password policies to their default values.

--set

Configures a specified password policy.

-lowercase value

Specifies the minimum number of lowercase alphabetic characters that must
occur in the password. The default value is 0. The maximum value must be less
than or equal to the -minlength value.

-uppercase value

Specifies the minimum number of uppercase alphabetic characters that must
occur in the password. The default value is 0. The maximum value must be less
than or equal to the -minlength value.

-digits value

Specifies the minimum number of numeric digits that must occur in the password.
The default value is 0. The maximum value must be less than or equal to the
-minlength value.

-punctuation value

Specifies the minimum number of punctuation characters that must occur in the
password. All displayable, non-alphanumeric punctuation characters, except the
colon (:), are allowed. The default value is 0. The maximum value must be less
than or equal to the -minlength value.

-minlength value

Specifies the minimum length of the password. The minimum can be set
anywhere between 8 and 40 characters. The default value is 8. The total of
-lowercase, -uppercase, -digits, -punctuation must be less than or equal to
-minlength value.

-history value

Specifies the number of past password values that are disallowed when setting a
new password. A value of 0 to 24 can be specified. The default value is 0.