Passwdcfg – Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

543

53-1001764-02

passwdCfg

2

passwdCfg

Manages the password policies.

Synopsis

passwdcfg --set options value

passwdcfg --disableadminlockout

passwdcfg --enableadminlockout

passwdcfg --setdefault

passwdcfg --showall

passwdcfg --help

Description

Use this command to manage password policies.

Use --set to configure the following password policies:

•

Password strength policy

•

Password history policy

•

Password expiration policy

•

Account lockout policy

Password Strength Policy
The password strength policy enforces a set of rules that new passwords must satisfy. Configurable
rules include lowercase and uppercase characters, numbers, punctuation occurrences and
minimum length values. It is enforced only when a new password is defined. The password strength
policy is enforced across all user accounts. When a password fails more than one of the strength
attributes, an error is reported for only one of the attributes at a time.

Password History Policy
The password history policy prevents reuse of a recently used password. The password history
policy is enforced across all user accounts when users are setting their own password. It is not
enforced when an administrator sets a password for another user, but the user’s password history
is preserved and the password set by the administrator is recorded in the user’s password history.

Password Expiration Policy
The password expiration policy forces expiration of a password after a specified period of time.
When a user’s password expires, the user must change the password to complete the
authentication process. A warning that password expiration is approaching is displayed when the
user logs in. The number of days prior to password expiration during which warnings commence is
a configurable parameter. Password expiration does not disable or lock out the account. The
password expiration policy is enforced across all user accounts except the root and factory
accounts.

Account Lockout Policy
The account lockout policy disables a user account when the user exceeds a configurable number
of failed login attempts. The mechanism can be configured to keep the account locked until explicit
administrative action is taken to unlock the account or locked accounts can be automatically
unlocked after a specified period. An administrator can unlock a locked account at any time. Note
that the account locked state is distinct from the account disabled state. The account lockout