5. Password policy

_images/MoteurDeDetectionON.png

From 'User menu' :

_images/SA3.PNG_images/SA9.PNG

The 'Password Policy' tab Allows you to set a password policy.

_images/SA10.PNG

The 'Password policy' menu allows to impose password complexity rules for SETUP, GVIEWADM and GVIEW accounts. These rules include password complexity, frequency of change, and the number of previous passwords that must be different from a new password.

_images/SA11.PNG

First, it is necessary to make security policies availables by activating 'Enable policy enforcement'.

The Reset default policy menu allows you to reset password policy.

You can do it with the following CLI command :

set password-policy [disable|enable]
set password-policy restore default

Once the security policy is activated, it can be edited via two menus: 'Edit rules' and 'Edit complexity parameters'. From 'Edit rules', the administrator will choose their preferences regarding the account password:

_images/SA12.PNG

From the 'Edit rules' tab the user can decide to configure:

  • A minimum length of the password in terms of number of characters (8 minimum)

  • A maximum validity period in days of the password (0 to disable)

  • A check of old passwords (0 to disable)

_images/SA13.PNG

Once the value has been modified, it is necessary to validate the modification by pressing 'OK'.

You can do it with the following CLI command :

show password-policy
set password-policy password-lenght [8-100]
set password-policy validity-duration [0|1-3650]
set password-policy previous-check [0|1-1000]

From 'Edit complexity parameters' it is possible to select the complexity rules applied to passwords.

_images/SA14.PNG

Therefore by checking with the 'space' the corresponding box, the administrator selects whether he requires numbers, lowercase letters, uppercase letters or even symbols for the next passwords.

_images/SA15.PNG

Once the value has been modified, it is necessary to validate the modification by pressing 'OK'.

Once all the information has been filled in, the system administrator must apply the configuration via 'Save'. for this to be taken into account. Otherwise, 'Discard' allows you to exit the menu without the modifications being taken into account.

You can do it with the following CLI command :

show password-policy
set password-policy lowercase-optional
set password-policy uppercase-optional
set password-policy digits-optional
set password-policy symbols-optional